last executing test programs:

3.254717716s ago: executing program 3 (id=263):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYRESHEX=r0, @ANYRES16, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
munmap(&(0x7f000045e000/0x1000)=nil, 0x1000)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x82)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)

2.050796003s ago: executing program 2 (id=280):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0700000004000000200100000102000028"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

1.97411724s ago: executing program 2 (id=282):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYRESHEX=r0, @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
munmap(&(0x7f000045e000/0x1000)=nil, 0x1000)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x82)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)

1.797433434s ago: executing program 0 (id=288):
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)

1.769715296s ago: executing program 0 (id=290):
r0 = socket$key(0xf, 0x3, 0x2)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x18)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0202000311000000000000000000000005000500000000000a00000000000000fe8000000000000000000000000000bb000000000000000002000100000007000000000b000000000200090000000000000000000000000005000600000000000a00000000000000fe8800000000000000000000000000010000000000000000010018"], 0x88}}, 0x0)

1.695736243s ago: executing program 0 (id=294):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300000004000085"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000240)='sched_switch\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000540)={[{@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)

1.626031928s ago: executing program 0 (id=295):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
timer_create(0x5, &(0x7f0000000000)={0x0, 0x1c, 0x2, @thr={&(0x7f0000000280)="4ab68e3d062268b7261dc1590f5fdd31aa7060cc46c7de4e8493dd8c15e5cb38f7cf34728c79f5005b50cb836b12a553d3f55b6fb8ba75805ec9774ef762dbaac8c5f6ff1e9a64340cd52f13126c3298c2d93eba03ed9537340f970865d770987826da347715efe2d3a22dabf658b7e4f535c649", &(0x7f0000000300)="f318b4a6594d3ab55531a86540c7fddd84cbd6c37b4006bbc0616daf858522a73ac4aa555c87c8376b3faee5118a36257ac2c7a7fc7067560354ca84e0340e50176ba2463294bb6d7554ca3d6dfcbefd2f5d"}}, &(0x7f0000000080))
bpf$PROG_LOAD(0x5, &(0x7f0000003b00)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)
symlink(&(0x7f0000000dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000cc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

1.472739311s ago: executing program 4 (id=299):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)={0xe8, r3, 0x300, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xc2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5e}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}]}, @TIPC_NLA_MEDIA={0x8c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfbc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x20048004}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r1}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x2, [@restrict, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x3}]}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}]}}, &(0x7f0000001b80)=""/4090, 0x46, 0xffa, 0xa}, 0x20)
r4 = dup(0xffffffffffffffff)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x40542, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

1.464864371s ago: executing program 0 (id=300):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'lo\x00', <r1=>0x0})
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00'}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r2, 0x58, &(0x7f00000000c0)}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000007cc0)=ANY=[@ANYBLOB="3c00000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="11110200002006001c0012800b0001006d616373656300030c0002800500030007000000"], 0x3c}, 0x1, 0x0, 0x0, 0x48890}, 0x0)
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
ioctl$PPPIOCBRIDGECHAN(r5, 0x40047435, &(0x7f0000000780)=0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000200)={@empty}, &(0x7f0000000400)=0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000e9c18f78ff7567fc76865c485a2b8820207025000000000020ca28397520207b1af8ff0000001bbfa100000000001007010000f8ffffffb702000008000000b703"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
io_cancel(0x0, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r8, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
unshare(0x14040080)

1.444214383s ago: executing program 4 (id=301):
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, 0x0)

1.409480756s ago: executing program 4 (id=302):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x2000008, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x38}}, 0x0)

1.409013006s ago: executing program 4 (id=303):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'sit0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r1, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0x10, 0x1}}]}}, @TCA_RATE={0x6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48801}, 0x0)

1.386765088s ago: executing program 4 (id=305):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000004800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000050000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x5d2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
lstat(0x0, 0x0)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f0000000380)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @ipv4={'\x00', '\xff\xff', @remote}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x2000000, 0x0, 0x8, 0x400, 0x0, 0x930310})
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f0000000040)={@loopback, @local, @dev={0xfe, 0x80, '\x00', 0xf}, 0x1, 0x0, 0x40, 0x500, 0x209, 0x80810208})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000400)={0x4, &(0x7f0000000240)=[{0x1000, 0x5, 0x10}, {0x2, 0xb0, 0x2, 0x7fffffff}, {0x8, 0x10, 0x40, 0x67ee}, {0x2, 0x2, 0x0, 0x2000005}]})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f0000000300)={[{@errors_remount}, {@noload}, {@nogrpid}, {@usrquota}, {@noblock_validity}, {}, {@mblk_io_submit}, {@acl}, {@resgid}], [], 0x3d}, 0x1, 0x51f, &(0x7f00000007c0)="$eJzs3UFsI1cZAOB/HDvd7KZNChygEqXQouwK1k4a2kY9lCIhOFUCyn0JiRNFceIodtpNVEFWHDgiIQRInMqFCxInTkioEheOCKkSnEGAQAi2cEACdirb4+xuMk6yG8fOJt8nTea955n3v+doxn7jp5kALqxnIuLViLiTpum1iJjIygvZErudpbXde7ffWmgtSaTp6/9IIsnKunWlbY/FlWy3SxHxlS9GfD05GLexvbM6X6tVN7N8pbm2UWls71xfWZtfri5X12dnZ16ce2nuhbnpvvRzPCJe+fxfvv+dn3zhlV9++s0/3vjb1W8kWXns68cDKh72YqfrpfZ7ce8Omw8Z7CwqtnuYGcvbYuRAya1TbhMAAL19ICI+ERHXYiJGDv86CwAAADyC0s+Ox/+S7m93B4z2KAcAAAAeIYX2HNikUM7m+45HoVAuR3sO74ficqFWbzQ/tVTfWl/szJWdjFJhaaVWnc7mCk9GKWnlZ9rpu/nn9+VnI+LJiPjexFg7X16o1xaHffEDAAAALogr+8b//57ojP8BAACAc2Zy2A0AAAAATp3xPwAAAJx/xv8AAABwrn3ptddaS9p9/vXiG9tbq/U3ri9WG6vlta2F8kJ9c6O8XK8vt+/Zt3ZUfbV6feMzsb51s9KsNpqVxvbOjbX61nrzxsp9j8AGAAAABujJj73z+yQidl8eay8to8fb9ZibAWdVcS+VZOucw/oPT3TWfx5Qo4CBGBl2A4ChKQ67AcDQlIbdAGDokiNe7zl55zfZ+uP9bQ8AANB/Ux/J//3/6OuCu4UBNA84RQ5iALh42t/zjzuT15cFOFdKZgDChXfi3/+PlKYP1CAAAKDvxttLUihnl/fGo1AolyMebz8WoJQsrdSq0xHxRET8bqL0WCs/094zOXLMAAAAAAAAAAAAAAAAAAAAAAAAAAB0pGkSKQAAAHCuRRT+mvyqcy//qYnnxvdfHxhN/jMR2SNC3/zR6z+4Od9sbs60yv+5V978YVb+/DCuYAAAAMCFUHyQjbvj9O44HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD66b3bby10l0HG/fvnImIyL34xLrXXl6IUEZf/lUTxnv2SiBjpQ/yx1p8P58VPWs3aC5kXf+ztk8ffvXVo/JjM3oW8+FdOHh4utHda559X846/QjzTXucff8WI+/IPq/f5L/bOfyM9jv/HjxnjqXd/VukZ/1bEU8X88083ftIj/rN5Ff782weKvvbVnZ1e8dO3I6ZyP3+S+2JVmmsblcb2zvWVtfnl6nJ1fXZ25sW5l+ZemJuuLK3Uqtnf3Bjf/egv7hzW/8s94k8e0f/ncuobzSn7/7s3b3+wkyzlxb/6bE78X/842+Jg/EL22ffJLN16faqb3u2k7/X0T3/79GH9X+zR/6P+/1d7VbrPtS9/60/H3BQAGIDG9s7qfK1W3TwbiZej7zW3RvhD79ejl/hveiaacbqJb/a1wjRN09YxdYJ6khjcm5Ac3tRhn5kAAIB+u/ulf9gtAQAAAAAAAAAAAAAAAAAAgItrEHca2x9zdy+V9OMW2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAffF+AAAA///0iOAC")
mremap(&(0x7f0000a99000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f0000ff8000/0x2000)=nil)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="400000001000030528bdff00cf00000000000000", @ANYRES32=0x0, @ANYBLOB="8b800000000000002000128008000100677265001400028008000600ac14143a08000700e000030a"], 0x40}}, 0x0)
unshare(0x60000480)

1.325116632s ago: executing program 0 (id=306):
r0 = syz_usb_connect(0x3, 0x1c, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYRES64=r0, @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
syz_usb_control_io$lan78xx(r0, &(0x7f00000000c0)={0x14, &(0x7f0000000000)={0x20, 0x4, 0x58, {0x58, 0xd, "699243dd0252f6d0574c3df0b00bf008e0e27b0e4361543665f64ae5c33b173e2b01da19f5776d8e64fab8aab4089b83b4840314bf357787f139ff9806d8611166f66faeb005239c469c6a92b13400fde991dbf20599"}}, &(0x7f0000000080)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x43e}}}, &(0x7f0000000440)={0x34, &(0x7f0000000240)={0x20, 0x14, 0x9c, "53190b5c237d7d2bb5d4c52da816448c7a7c0116ce17485f990d0087623448652d2da4f483d82d2409e2f8d5057b0b4e211fd07c598dd9f8c234be93ebda60355302e92d90f6f3b1d829354aa73f20079366927f3184fc321a7839f42817cc0c01368fa8e2e38124d6c0415632397f3d4836a5518cbf0e5db3cab2aa506adee499c013b7973ce60130392d4d204dc5597c58b5fe32efa54209b4c507"}, &(0x7f0000000100)={0x0, 0xa, 0x1, 0x9e}, &(0x7f0000000140)={0x0, 0x8, 0x1, 0x5}, &(0x7f00000001c0)={0xc0, 0xa1, 0x4, 0xfffffffc}, &(0x7f0000000300)={0x40, 0xa0, 0x4, 0x7}, &(0x7f0000000340)={0xc0, 0xa2, 0x2f, "be97122484144af26dc2aef539b100333f78ab09ed0702e8005fc9e84cf4702f3fcc0683e871f72716215d40c5e7ec"}})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r3}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040))
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r5}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @link_local={0x7}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}, {0x0, 0x0, 0x28, 0x0, @wg=@data={0x4, 0x0, 0x0, "20029476b3addfab81507b25977f5d53"}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_open_dev$usbfs(&(0x7f0000000540), 0x0, 0x280000)
ioctl$USBDEVFS_ALLOW_SUSPEND(0xffffffffffffffff, 0x5522)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r6, &(0x7f0000000580)={0xa, 0x4e22, 0x1000, @local, 0x9}, 0x1c)
bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x1ff, 0x5c, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xfffffffe}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000140))
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r8, 0x8923, &(0x7f0000000000)={'vlan1\x00', @broadcast})
r9 = socket$inet6(0xa, 0x3, 0x3c)
r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r10, 0x541a, 0x0)
setsockopt$inet6_IPV6_RTHDR(r9, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="00020201"], 0x18)
timer_create(0x3, &(0x7f0000000580)={0x0, 0x15, 0x2, @thr={&(0x7f00000006c0)="5cfa5b9c667de18c25de15bc3b779c37a859c1944a50e2aea24ede9ca906c0b6260d2aaf18043452a44922cd1789ceb8542846d5a71a84e96b1f5377464b9abc327ea89b59d22fa220b61fdbaaabc7f9d802d6245b8de25403461543dc7672d8af7a7646b2bb3e1d65b7db53f7bd32d0c46cc7371e6ddecf70262f55d948a9f41ab452270d50e057bb6166e4baa4fa1a5853efa139c9ec2fed159b34f2bb9ec68b079b7c241d346ca29434a3ea822cc0dfc463f605c6c53569fd413654610e668c932aa7fe51aadfa61354b965723bbff9aca24028630b99d96f7f577a5262e38844663bb6a1a870e3b88eb7ef69dd47d006922f7a30fd6b", &(0x7f00000007c0)="55e61767c33ab7aa98fa57d99b516e35b64ccf4d0f347339869e4196d704926d79b6f321504043dd76194e65a1e31ad6cfd6a99ec78f881f91a688b3e458c7e5686a821b80ec55253067830c898305e3e7235f31f9ae70eb293d61cd70d76438832fc4b6241d558002da2f520ffc198aa1be587888a6c7c2d6e0bfbbc57f9aff4080246126539d9aeb400165b4d4ec317e76f818254da88d4be9420e744395c29c37bd8d27aa4f47a07963fe37d72d36a3c8594e1ef81004cd969c572895b96041a42112d5a2c34587ccc5071c68a37d7f7e8b065ff24ca2885bc903543011f238"}}, &(0x7f00000005c0))

603.202181ms ago: executing program 1 (id=313):
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x80040c, &(0x7f0000000580)={[{@orlov}, {@norecovery}]}, 0x1, 0x5e8, &(0x7f0000001200)="$eJzs3c9vFdUeAPDv3P6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0oJIgYbWaNGEkuDGxLgxxsSVC/G/UCJbVrpy4caVISFqWJp4zdzOlP6Y2x+X207T+XySS2fOmeGc4fLtOXPuOXMDqKzB9I9axMGImE4i+pP5xbzOyDIHF4579OdH59NXEvX6a78nkWRp+fFJ9rMvO7knIn78IYkDHavLnZm7cXl8amryerY/PHtlenhm7sbRS1fGL05enLw6+sLoqZMnTp4aOdbSdd0sSDt7+933+z8Ze/Obr/5KRr79ZSyJ0/FyduDS62iXwRhs/Jskq7P6TrW7sJJ0ZP9Plr7FSWeJFWJT8vevKyL+F/3REY/fvP74+JVSKwdsqXoSUQcqKhH/UFF5PyC/t195H1wrpVcCbIeHZxYGAFbHf+fC2GD0NMYG9j5KYumwThIRrY3MLbcvIu7fG7t94d7Y7diicTig2PytiPh/UfwnjfgfiJ4YaMR/bVn8p/2Cc9nPNP3VFstfOVQs/mH7LMR/z5rxH03i/60l8f92i+UPPt58p3dZ/Pe2ekkAAAAAAABQWXfPRMTzRZ//1xbn/0TB/J++iDjdhvIHV+yv/vy/9qANxQAFHp6JeKlw/m8tn/070JFt/asxH6AruXBpavJYRPw7Io5E1550f2SNMo5+euDLZnmD2fy//JWWfz+bC5jV40HnnuXnTIzPjj/pdQMRD29FPFU4/zdZbP+TgvY//X0wvcEyDjx751yzvPXjH9gq9a8jDhe2/4+fWpGs/XyO4UZ/YDjvFaz29Ieffdes/Fbj3yMm4Mml7f/eteN/IFn6vJ6ZzZdxfK6z3iyv1f5/d/J645Ez3VnaB+Ozs9dHIrqTsx1p6rL00c3XGXajPB7yeEnj/8gza4//FfX/eyNifsXfnfyxfE1x7r9/9/3arD76/1CeNP4nNtX+b35j9M7A983K31j7f6LR1h/JUoz/wYIv8jDtXp5eEI6dRVnbXV8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2A1qEbEvktrQ4natNjQU0RcR/4m9talrM7PPXbj23tWJNK/x/f+1/Jt++xf2k/z7/weW7I+u2D8eEfsj4vOO3sb+0PlrUxNlXzwAAAAAAAAAAAAAAAAAAADsEH1N1v+nfusou3bAlussuwJAaQri/6cy6gFsP+0/VJf4h+oS/1Bd4h+qq8X472p3PYDtp/2H6hL/UF3iHwAAAAAAdpX9h+7+nETE/Iu9jVeqO8szvwd2t1rZFQBK4xE/UF2m/kB1uccHknXye5qetN6Za5k+/wQnAwAAAAAAAAAAAEDlHD5o/T9UlfX/UF3W/0N15ev/D5VcD2D7uccHYp2V/IXr/9c9CwAAAAAAAAAAAABop5m5G5fHp6Ymr9t4Y2dUox0b6Tu7kYPr9frNxrEtlbVnB1zpjtrIp8LvlPqs2MjX+m3srNJ+JQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACv8EwAA//8IGSKz")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000000c0)={'ip_vti0\x00', &(0x7f00000001c0)={'syztnl1\x00', <r2=>0x0, 0x9, 0x20, 0x4, 0x8, {{0x2c, 0x4, 0x0, 0x0, 0xb0, 0x66, 0x0, 0xa, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0x33, 0x3, 0x8, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x66}, {@local, 0x3}, {@local}]}, @timestamp={0x44, 0x14, 0x5b, 0x0, 0x0, [0x2, 0x0, 0x9, 0xffff]}, @generic={0x7, 0xd, "efaf1107e5b08b16448649"}, @timestamp={0x44, 0xc, 0xc1, 0x0, 0x3, [0x9, 0x52a]}, @timestamp_addr={0x44, 0x24, 0x81, 0x1, 0x6, [{@remote, 0x400}, {@private=0xa010102, 0x9}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x5}, {@loopback, 0x7}]}, @timestamp={0x44, 0x1c, 0x5d, 0x0, 0x2, [0x4, 0x4, 0x3, 0x8000, 0x9, 0x5]}, @timestamp_addr={0x44, 0xc, 0xa8, 0x1, 0x8, [{@remote, 0x200}]}, @ssrr={0x89, 0x7, 0x84, [@remote]}]}}}}})
sendmsg$inet(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="d2c3d53823ea2cc1772366342b88ee37eda1fe0b6dbab6ab95892f6f652049e416021bb3ae01e2d6dd0bd2d3f85b14219c9cbeb238909875f41be5bf3a926a2886dacf52a8086be4fe5749caf33d65eb55803125ca9d8b716bff3dc7f3b76ff10149121dcfdd72fbe5ce8183bf1cbf4a531ce2b8d0b18a590771", 0x7a}], 0x1, &(0x7f00000005c0)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x5}}, @ip_retopts={{0xf0, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x3c, 0x3e, 0x3, 0x7, [{@empty, 0x6}, {@rand_addr=0x64010101, 0x7}, {@multicast2, 0x4}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2}, {@loopback, 0x7}, {@broadcast, 0x4}, {@dev={0xac, 0x14, 0x14, 0x19}, 0x2}]}, @timestamp={0x44, 0x14, 0xa, 0x0, 0x1, [0x6, 0x0, 0x6, 0x27]}, @cipso={0x86, 0x4d, 0x1, [{0x7, 0x8, "37dfc27d73a5"}, {0x6, 0x5, "1bcf8d"}, {0x2, 0x8, "5468adc69632"}, {0x0, 0xa, "fdce58979b558d9d"}, {0x2, 0x7, "344a4660ff"}, {0x2, 0x3, "ac"}, {0x0, 0xc, "7961b83d70856e98e7dd"}, {0x1, 0x12, "19212e74c8a0e1f2f284208628f62f01"}]}, @cipso={0x86, 0x17, 0x1, [{0x2, 0x6, "84cb7323"}, {0x7, 0x7, "c6167ff785"}, {0x7, 0x2}, {0x7, 0x2}]}, @timestamp_addr={0x44, 0x2c, 0x5, 0x1, 0x2, [{@local, 0xc1ca}, {@rand_addr=0x64010102, 0x5}, {@private=0xa010100, 0x7d}, {@private=0xa010100, 0x83b}, {@multicast1, 0xc}]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x3}}, @ip_retopts={{0x98, 0x0, 0x7, {[@cipso={0x86, 0x12, 0x3, [{0x5, 0x2}, {0x7, 0xa, "6d995116892e58e9"}]}, @lsrr={0x83, 0x1b, 0x27, [@rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x3c}, @empty, @loopback, @rand_addr=0x64010100, @broadcast]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0x14, 0x94, 0x1, 0xd, [{@remote, 0x80}, {@multicast2, 0x22ba}]}, @timestamp_addr={0x44, 0x2c, 0x82, 0x1, 0x5, [{@loopback, 0x7ff}, {@remote, 0xf}, {@local, 0x6}, {@dev={0xac, 0x14, 0x14, 0x29}, 0x86}, {@empty, 0xffffa739}]}, @timestamp={0x44, 0x14, 0x12, 0x0, 0xa, [0x2d183ad1, 0x1, 0x2, 0x9]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x9}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x38}}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x9}}], 0x208}, 0x40000)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)

572.020594ms ago: executing program 2 (id=314):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'ip6_vti0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x2000008, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x8}]}, 0x38}}, 0x0)

571.347134ms ago: executing program 3 (id=315):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001480)=@base={0x6, 0x4, 0x8, 0x8}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
socket$kcm(0x11, 0xa, 0x300)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000740)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="18000000020000000000000000ee000095"], &(0x7f00000002c0)='syzkaller\x00', 0x1, 0x0, 0x0, 0x40f00}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0007, &(0x7f0000000000)="259a53f260006d2688a84c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
syz_clone(0xc80ec000, 0x0, 0x0, 0x0, 0x0, 0x0)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000780)={0x2, &(0x7f0000000000)=[{0x9c, 0x38}, {0x6, 0x0, 0x4}]})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r5 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000100)=@o_path={&(0x7f0000000080)='./file0\x00', 0x0, 0x4000, r4}, 0x18)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f0000000340)=ANY=[@ANYRESHEX=r3, @ANYRES32=r4, @ANYBLOB="180000000000000000000000650667f6598b3f9b76c8970600dd00009211e4615d2760a56bb62cac010691c409fffadb2fa30df98d7bb50ea47d5d599ed6098724855fc5575f944e648a88a05f10e1b3971a78fead0363c2baa0e82379b2549d3327ae3d631e1e561c5b59f02c7ad80e3a94b496b5c6a12344ea332da20b3e60c5e557acb163178ede90f937b9ac998d34463ddcf101e2b80ea281c4e0dc6d06f2d22a04a8", @ANYRESDEC], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r6, 0x0, 0x3}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r7 = socket$inet6(0xa, 0x3, 0x3c)
setsockopt$inet6_IPV6_RTHDR(r7, 0x29, 0x39, &(0x7f0000000340)=ANY=[@ANYBLOB="000202"], 0x18)

553.796685ms ago: executing program 2 (id=316):
munmap(&(0x7f000045e000/0x1000)=nil, 0x1000)
bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18)
munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000)

537.019677ms ago: executing program 2 (id=317):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'lo\x00', <r1=>0x0})
r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f00000003c0)='kfree\x00'}, 0x10)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000140)={r2, 0x58, &(0x7f00000000c0)}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000001823", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000007cc0)=ANY=[@ANYBLOB="3c00000010000305fcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="11110200002006001c0012800b0001006d616373656300030c0002800500030007000000"], 0x3c}, 0x1, 0x0, 0x0, 0x48890}, 0x0)
r5 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000580)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
ioctl$PPPIOCBRIDGECHAN(r5, 0x40047435, &(0x7f0000000780)=0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000200)={@empty}, &(0x7f0000000400)=0x14)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x4, 0xb, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000e9c18f78ff7567fc76865c485a2b8820207025000000000020ca28397520207b1af8ff0000001bbfa100000000001007010000f8ffffffb702000008000000b703"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
io_cancel(0x0, 0x0, 0x0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r8, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x94)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
unshare(0x14040080)

501.56749ms ago: executing program 4 (id=318):
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000400)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x88640, 0x0)
ioctl$TCSETS(r4, 0x40045431, &(0x7f00000000c0)={0x0, 0x2, 0x4, 0x0, 0x0, "ff00f7000000000000000000af88008300"})
r5 = syz_open_pts(r4, 0x141601)
write(r5, &(0x7f0000000000)="d5", 0xfffffedf)
close_range(r3, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)

474.732032ms ago: executing program 2 (id=319):
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
socket$kcm(0x2, 0x0, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xffff, 0x20000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x7b53a000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x10)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x7030, 0x2, 0x2)
openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$USBDEVFS_CONTROL(0xffffffffffffffff, 0xc0185500, &(0x7f0000000140)={0x0, 0x30, 0x800, 0xf00, 0x23, 0x4, &(0x7f00000000c0)="cef0a6288037a514c8624020ff361a6561ef9c7cb8f87c7fce0ce0182f720885429d9c"})
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xf, 0x0, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$evdev(&(0x7f0000000040), 0x7fffffffffffffff, 0x630201)
r4 = socket$igmp6(0xa, 0x3, 0x3a)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f00000001c0)={'syztnl1\x00', &(0x7f0000000080)={'erspan0\x00', <r6=>0x0, 0x700, 0x700, 0x804d, 0x0, {{0x3e, 0x4, 0x1, 0x0, 0xf8, 0x65, 0x0, 0x9, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0x11}, @broadcast, {[@ssrr={0x89, 0x17, 0x26, [@local, @empty, @broadcast, @multicast1, @dev={0xac, 0x14, 0x14, 0x29}]}, @lsrr={0x83, 0xb, 0x43, [@loopback, @private=0xa010102]}, @lsrr={0x83, 0x7, 0x79, [@empty]}, @cipso={0x86, 0x55, 0x0, [{0x5, 0x11, "93233bca3393393651d7f39b53c2b5"}, {0x7, 0xf, "2bcef537f53861eebeca967adc"}, {0x1, 0xa, "98b506fa30b48572"}, {0x7, 0x10, "aec7b3957120dc6d235b7f4be67a"}, {0x7, 0xc, "1909976c1b734e575a6c"}, {0x6, 0x9, "385edc43f405ff"}]}, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x13, 0x8a, [@local, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100]}, @timestamp_prespec={0x44, 0x4c, 0x8, 0x3, 0x8, [{@broadcast}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x7}, {@loopback, 0x1}, {@rand_addr=0x499, 0x7fff}, {@private=0xa010102, 0x9}, {@broadcast}, {@multicast1, 0x6}, {@dev={0xac, 0x14, 0x14, 0x1f}, 0x1}, {@multicast1, 0x1000}]}]}}}}})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r4, r6, 0x25, 0x8, @void}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r5, 0x0, 0xfffffffffffffffd}, 0x18)
setsockopt$MRT6_ADD_MFC(r4, 0x29, 0x22, &(0x7f0000000000)={{0xa, 0x0, 0x101, @loopback, 0xa39}, {0xa, 0xfffe, 0xfffffffd, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}, 0x1000, {[0x6, 0x0, 0xffffffff, 0xfffffefb, 0x0, 0x1, 0x2]}}, 0x5c)

302.025395ms ago: executing program 3 (id=320):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="070000000400000020010000010200"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x18)
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2000006, 0x31, 0xffffffffffffffff, 0xd0fb6000)
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3)

209.923343ms ago: executing program 3 (id=321):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r2, 0x8010661b, &(0x7f0000000000))
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x10001, 0x1, 0x3, 0x8, 0xffffffc0}, 0x4, 0x1, 0x8, 0x0, 0x3, 0x0, 0x16, 0x13, 0x3, 0xca, {0x0, 0x8, 0x3, 0x5, 0x84, 0x8}}}}]}, 0x78}}, 0x0)

163.629967ms ago: executing program 1 (id=322):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000140)=[{&(0x7f0000000080)="580000001400192340834b80040d8c560a067f0200ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000200040010000800014004000000", 0x58}], 0x1)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f0000000340)={0xe8, r3, 0x300, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x48, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xc2}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x5e}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_NODEID={0xc}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}]}, @TIPC_NLA_MEDIA={0x8c, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfbc}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x20048004}, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000006c0)='kfree\x00', r1}, 0x18)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2c, 0x2c, 0x2, [@restrict, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x3}]}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}]}}, &(0x7f0000001b80)=""/4090, 0x46, 0xffa, 0xa}, 0x20)
r4 = dup(0xffffffffffffffff)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x40542, 0x0)
ftruncate(r5, 0xee72)
sendfile(r4, r5, 0x0, 0x8000fffffffe)

135.704629ms ago: executing program 3 (id=323):
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c000280080001400000000014000180090001006cdbf80789f3f947dd00028008000340000001"], 0xe4}}, 0x20050800)
r3 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x2002)
write$evdev(r3, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r4 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
accept4(r4, &(0x7f0000000100)=@l2, &(0x7f0000000040)=0x80, 0x800)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000140)=0x2)
ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x200000000000000)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000240)={0x4, &(0x7f00000001c0)=[{0xb35f, 0x0, 0x10, 0xe70a}, {0x2, 0x6, 0x63, 0x2}, {0x8000, 0x0, 0x7, 0x2}, {0x2, 0xeb, 0x7d, 0xffffffff}]})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f00000007c0)=ANY=[@ANYBLOB="18f6000000000000000000f0390d0d0018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000001f6af0fffcffffffbf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r6}, 0x10)
unshare(0x2040400)
r7 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
fsmount(r7, 0x0, 0x0)
r8 = socket(0x2b, 0x1, 0x0)
setsockopt$sock_int(r8, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4)

124.8305ms ago: executing program 1 (id=324):
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, &(0x7f0000000040)="ff02040000ffffffffffffffff1f2be82db1af0000000000", 0x18)

90.107333ms ago: executing program 1 (id=325):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r0, &(0x7f00000006c0), &(0x7f0000000000), 0x2}, 0x20)

89.862813ms ago: executing program 1 (id=326):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b7"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000240)='sched_switch\x00', r1, 0x0, 0xfffffffffffffffe}, 0x18)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000003c0)='./bus\x00', 0xe, &(0x7f0000000540)={[{@resuid}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)

89.630413ms ago: executing program 3 (id=327):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="000000000000000004000000015569f91ca1034934ba4ea1f99e6403ecd0bdf36b4d301822f692561a12c51157f3f29e16df74edd7abf06f7d8d14b1401879a79f46132b78eb518d9c89a2b58edb1dff8405011f448980cd201aca41509ce978c63a1c682ee04ebe8f1114d9e86b900cb62a784b5402731e0df02f2714888b1f5fdfd74ea95bf0ae24026745409ce1d84ebac3072c069b8efa9322f4a516764f3a4a23c68338e16f916d07f7a0b7e8938e5133a0d6371e2ecce98cad33130e9cbd30a043b695a2477ddb8f"], 0x48)
syz_emit_ethernet(0x5e, &(0x7f0000000bc0)=ANY=[@ANYBLOB="90979bbbb736a9954dfac684f292da5e3b512eb73412531b979b0f6f6cd53c8300b98086ddc74c42299bb01ecb882e2c8f478c53b4658429466d71503521f176437fa518fd86e8eff18e9d888a13d5d3891d5b6f387d78c426b8c0254a979ed313096d86f7"], 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000700)={0x3, 0xc, &(0x7f0000000880)=ANY=[@ANYBLOB="180000006df4da28fb3e59110000836a01ff7f0172cd8e6afaf668a7e953412dfdc6e394963f7bb1c82cdb68", @ANYRES16=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x60, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
socket(0xa, 0xa, 0x5)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x0, &(0x7f0000000900)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@init_itable_val={'init_itable', 0x3d, 0xb5}}, {@resuid}, {@lazytime}, {@discard}]}, 0x1, 0x445, &(0x7f0000000200)="$eJzs28tvG0UYAPBv105KX8RU5dEHECiIikfSpKX0wAEQSBxAQoJDOYYkrUrdBjVBolUFBaFyRJW4I45I/AWc4IKAExJX4IwqVSiXFk5Ga+82jmunSbDrEP9+0tYzu+POfJ4de3YnG8DAGs3+SSJ2RMRvETHSyC4vMNp4ubF4cfrvxYvTSdRqb/6V1MtdX7w4XRQt3re9yJQj0k+T2Nem3vnzF05PVauz5/L8+MKZ98bnz1945tSZqZOzJ2fPTh47duTwxHNHJ5/tSpxZXNf3fji3f8+rb195ffr4lXd++iYp4m+Jo0tG2+4tN14er9W6XF1/7WxKJ+U+NoQ1KeWn5FB9/I9EKZY6byRe+aSvjQN6qlar1e7rfPhSDdjEkuh3C4D+KH7os+vfYrtDU48N4dqLjQugLO4b+dY4Uo40LzPUcn3bTaMRcfzSP19mW7Teh9jao0oBgIH2XTb/ebrd/C+N5vtCd+drKJWIuCcidkXE0YjYHRH3RtTL3h8RD6yx/tZFklvnn+nVdQW2Stn87/l8bWv5/K+Y/UWllOd21uMfSk6cqs4eyj+TgzG0JctPrFDH9y//+nmnY83zv2zL6i/mgnk7rpa3LH/PzNTC1H+Judm1jyP2ltvFn9xcCUgiYk9EvLDOOk49+fX+Tsc6xD+8qv+4C+tMta8inmj0/6Voib+QrLw+OX5XVGcPjRdnxa1+/uXyG53qv33/91bW/9vanv9F/H9Ukub12vm113H59886XlOu9/wfTt5atu+DqYWFcxMRw8lr9Xylef9kS7nJpfJZ/AcPtB//u2Lpk9gXEdlJ/GBEPBQRD+dtfyQiHo2IAyvE/+NLj727/vh7K4t/ZsX+j5b+X0oMR+ue9onS6R++XVZpZS3xZ/1/pJ46mO9Zzfffatq1vrMZAAAA/n/SiNgRSTp2M52mY2ONv+HfHdvS6tz8wlMn5t4/O9N4RqASQ2lxp2uk6X7oRH5ZX+QnW/KH8/vGX5S21vNj03PVmX4HDwNue4fxn/mz1O/WAT3neS0YXMY/DC7jHwaX8Q+Dq8349+gZDIh2v/8f9aEdwJ3XMv5XXPYzMYDNxfU/DC7jHwaX8Q8DaX5r3P4h+c2RSCNiAzRjsyQi3RDNkOhRot/fTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN3xbwAAAP//ynflmQ==")
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000)

0s ago: executing program 1 (id=328):
r0 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000004c0)={'ip6tnl0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x0, 0x8, @mcast1, @local, 0x7, 0x7, 0x202, 0x8}})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.32' (ED25519) to the list of known hosts.
[   24.667741][   T29] audit: type=1400 audit(1755876626.217:62): avc:  denied  { mounton } for  pid=3288 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   24.668702][ T3288] cgroup: Unknown subsys name 'net'
[   24.690744][   T29] audit: type=1400 audit(1755876626.217:63): avc:  denied  { mount } for  pid=3288 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   24.719005][   T29] audit: type=1400 audit(1755876626.247:64): avc:  denied  { unmount } for  pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   24.914410][ T3288] cgroup: Unknown subsys name 'cpuset'
[   24.920817][ T3288] cgroup: Unknown subsys name 'rlimit'
[   25.069918][   T29] audit: type=1400 audit(1755876626.617:65): avc:  denied  { setattr } for  pid=3288 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   25.093851][   T29] audit: type=1400 audit(1755876626.617:66): avc:  denied  { create } for  pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   25.114656][   T29] audit: type=1400 audit(1755876626.617:67): avc:  denied  { write } for  pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   25.135740][   T29] audit: type=1400 audit(1755876626.617:68): avc:  denied  { read } for  pid=3288 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   25.148472][ T3293] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   25.156775][   T29] audit: type=1400 audit(1755876626.627:69): avc:  denied  { mounton } for  pid=3288 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   25.190650][   T29] audit: type=1400 audit(1755876626.627:70): avc:  denied  { mount } for  pid=3288 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   25.214482][   T29] audit: type=1400 audit(1755876626.717:71): avc:  denied  { relabelto } for  pid=3293 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   25.239227][ T3288] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   26.448501][ T3306] chnl_net:caif_netlink_parms(): no params data found
[   26.457389][ T3300] chnl_net:caif_netlink_parms(): no params data found
[   26.491274][ T3301] chnl_net:caif_netlink_parms(): no params data found
[   26.536710][ T3303] chnl_net:caif_netlink_parms(): no params data found
[   26.582250][ T3306] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.589377][ T3306] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.596603][ T3306] bridge_slave_0: entered allmulticast mode
[   26.603131][ T3306] bridge_slave_0: entered promiscuous mode
[   26.626019][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.633086][ T3306] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.640353][ T3306] bridge_slave_1: entered allmulticast mode
[   26.646907][ T3306] bridge_slave_1: entered promiscuous mode
[   26.670202][ T3300] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.677363][ T3300] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.684701][ T3300] bridge_slave_0: entered allmulticast mode
[   26.690975][ T3300] bridge_slave_0: entered promiscuous mode
[   26.706116][ T3301] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.713319][ T3301] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.720592][ T3301] bridge_slave_0: entered allmulticast mode
[   26.727202][ T3301] bridge_slave_0: entered promiscuous mode
[   26.738020][ T3303] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.745224][ T3303] bridge0: port 1(bridge_slave_0) entered disabled state
[   26.752316][ T3303] bridge_slave_0: entered allmulticast mode
[   26.758853][ T3303] bridge_slave_0: entered promiscuous mode
[   26.765443][ T3300] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.772490][ T3300] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.779907][ T3300] bridge_slave_1: entered allmulticast mode
[   26.786241][ T3300] bridge_slave_1: entered promiscuous mode
[   26.793457][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   26.802650][ T3301] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.809822][ T3301] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.817139][ T3301] bridge_slave_1: entered allmulticast mode
[   26.823484][ T3301] bridge_slave_1: entered promiscuous mode
[   26.834460][ T3303] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.841536][ T3303] bridge0: port 2(bridge_slave_1) entered disabled state
[   26.848734][ T3303] bridge_slave_1: entered allmulticast mode
[   26.856014][ T3303] bridge_slave_1: entered promiscuous mode
[   26.867373][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   26.903135][ T3300] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   26.920081][ T3301] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   26.930099][ T3303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   26.940201][ T3301] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   26.954134][ T3300] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   26.963656][ T3312] chnl_net:caif_netlink_parms(): no params data found
[   26.973175][ T3303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   26.990452][ T3306] team0: Port device team_slave_0 added
[   27.017624][ T3306] team0: Port device team_slave_1 added
[   27.029480][ T3300] team0: Port device team_slave_0 added
[   27.040422][ T3303] team0: Port device team_slave_0 added
[   27.046940][ T3301] team0: Port device team_slave_0 added
[   27.057974][ T3300] team0: Port device team_slave_1 added
[   27.070909][ T3303] team0: Port device team_slave_1 added
[   27.082207][ T3301] team0: Port device team_slave_1 added
[   27.092300][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_0
[   27.099268][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   27.125367][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   27.150914][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1
[   27.158257][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   27.184551][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   27.200777][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_0
[   27.207747][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   27.233856][ T3303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   27.248969][ T3300] batman_adv: batadv0: Adding interface: batadv_slave_0
[   27.255984][ T3300] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   27.282254][ T3300] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   27.298941][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_1
[   27.306088][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   27.332383][ T3303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   27.344031][ T3301] batman_adv: batadv0: Adding interface: batadv_slave_0
[   27.351062][ T3301] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   27.377335][ T3301] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   27.388367][ T3300] batman_adv: batadv0: Adding interface: batadv_slave_1
[   27.395573][ T3300] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   27.421719][ T3300] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   27.450417][ T3301] batman_adv: batadv0: Adding interface: batadv_slave_1
[   27.457453][ T3301] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   27.483435][ T3301] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   27.499766][ T3312] bridge0: port 1(bridge_slave_0) entered blocking state
[   27.506870][ T3312] bridge0: port 1(bridge_slave_0) entered disabled state
[   27.515013][ T3312] bridge_slave_0: entered allmulticast mode
[   27.521517][ T3312] bridge_slave_0: entered promiscuous mode
[   27.528882][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state
[   27.536010][ T3312] bridge0: port 2(bridge_slave_1) entered disabled state
[   27.543456][ T3312] bridge_slave_1: entered allmulticast mode
[   27.549852][ T3312] bridge_slave_1: entered promiscuous mode
[   27.558414][ T3306] hsr_slave_0: entered promiscuous mode
[   27.564602][ T3306] hsr_slave_1: entered promiscuous mode
[   27.595093][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   27.605719][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   27.650347][ T3301] hsr_slave_0: entered promiscuous mode
[   27.656651][ T3301] hsr_slave_1: entered promiscuous mode
[   27.662368][ T3301] debugfs: 'hsr0' already exists in 'hsr'
[   27.668213][ T3301] Cannot create hsr debugfs directory
[   27.676038][ T3300] hsr_slave_0: entered promiscuous mode
[   27.682107][ T3300] hsr_slave_1: entered promiscuous mode
[   27.688130][ T3300] debugfs: 'hsr0' already exists in 'hsr'
[   27.693937][ T3300] Cannot create hsr debugfs directory
[   27.701567][ T3303] hsr_slave_0: entered promiscuous mode
[   27.707692][ T3303] hsr_slave_1: entered promiscuous mode
[   27.713734][ T3303] debugfs: 'hsr0' already exists in 'hsr'
[   27.719695][ T3303] Cannot create hsr debugfs directory
[   27.732234][ T3312] team0: Port device team_slave_0 added
[   27.738925][ T3312] team0: Port device team_slave_1 added
[   27.782569][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_0
[   27.789693][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   27.815893][ T3312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   27.833756][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1
[   27.840836][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   27.867096][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   27.963998][ T3312] hsr_slave_0: entered promiscuous mode
[   27.970160][ T3312] hsr_slave_1: entered promiscuous mode
[   27.976986][ T3312] debugfs: 'hsr0' already exists in 'hsr'
[   27.982700][ T3312] Cannot create hsr debugfs directory
[   28.066981][ T3306] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   28.085165][ T3306] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   28.096096][ T3306] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   28.108917][ T3306] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   28.123961][ T3300] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   28.138555][ T3300] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   28.147825][ T3300] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   28.160295][ T3300] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   28.179474][ T3303] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   28.188953][ T3303] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   28.205135][ T3303] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   28.224213][ T3303] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   28.252926][ T3301] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   28.262298][ T3301] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   28.276929][ T3301] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   28.288280][ T3301] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   28.320838][ T3312] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   28.331703][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.341885][ T3312] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   28.356477][ T3312] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   28.369063][ T3312] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   28.385753][ T3306] 8021q: adding VLAN 0 to HW filter on device team0
[   28.414272][ T3300] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.425196][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.432364][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.449972][ T3300] 8021q: adding VLAN 0 to HW filter on device team0
[   28.461875][ T2894] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.469112][ T2894] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.482034][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.489487][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.505828][ T3303] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.527738][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.535029][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.577272][ T3303] 8021q: adding VLAN 0 to HW filter on device team0
[   28.588689][ T3301] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.612491][ T3301] 8021q: adding VLAN 0 to HW filter on device team0
[   28.621941][  T579] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.629064][  T579] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.639550][  T579] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.646818][  T579] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.670401][  T579] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.677511][  T579] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.686737][  T579] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.694142][  T579] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.706578][ T3303] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   28.725654][ T3300] 8021q: adding VLAN 0 to HW filter on device batadv0
[   28.738235][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0
[   28.756361][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0
[   28.770973][ T3301] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   28.781548][ T3301] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   28.812069][ T3312] 8021q: adding VLAN 0 to HW filter on device team0
[   28.828404][ T2894] bridge0: port 1(bridge_slave_0) entered blocking state
[   28.835503][ T2894] bridge0: port 1(bridge_slave_0) entered forwarding state
[   28.858462][ T2894] bridge0: port 2(bridge_slave_1) entered blocking state
[   28.865629][ T2894] bridge0: port 2(bridge_slave_1) entered forwarding state
[   28.881272][ T3303] 8021q: adding VLAN 0 to HW filter on device batadv0
[   28.898605][ T3312] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   28.909042][ T3312] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   28.951390][ T3306] veth0_vlan: entered promiscuous mode
[   28.967312][ T3301] 8021q: adding VLAN 0 to HW filter on device batadv0
[   28.978401][ T3306] veth1_vlan: entered promiscuous mode
[   29.008401][ T3300] veth0_vlan: entered promiscuous mode
[   29.030227][ T3306] veth0_macvtap: entered promiscuous mode
[   29.043139][ T3300] veth1_vlan: entered promiscuous mode
[   29.054400][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0
[   29.064551][ T3306] veth1_macvtap: entered promiscuous mode
[   29.096573][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0
[   29.110513][ T3303] veth0_vlan: entered promiscuous mode
[   29.120400][ T3300] veth0_macvtap: entered promiscuous mode
[   29.129404][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1
[   29.142484][ T3303] veth1_vlan: entered promiscuous mode
[   29.150959][ T3300] veth1_macvtap: entered promiscuous mode
[   29.160918][   T41] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   29.183377][ T3303] veth0_macvtap: entered promiscuous mode
[   29.195122][  T579] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   29.216359][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_0
[   29.225692][  T579] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   29.236214][ T3300] batman_adv: batadv0: Interface activated: batadv_slave_1
[   29.251957][ T3312] veth0_vlan: entered promiscuous mode
[   29.258589][ T3303] veth1_macvtap: entered promiscuous mode
[   29.267379][  T579] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   29.280822][   T48] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   29.298883][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_0
[   29.306442][   T48] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   29.317543][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_1
[   29.331442][ T3306] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   29.332993][   T48] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   29.355620][ T3312] veth1_vlan: entered promiscuous mode
[   29.367493][ T3301] veth0_vlan: entered promiscuous mode
[   29.405482][ T3301] veth1_vlan: entered promiscuous mode
[   29.411600][   T48] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   29.456848][ T3312] veth0_macvtap: entered promiscuous mode
[   29.474765][   T48] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   29.483709][   T48] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   29.494628][ T3312] veth1_macvtap: entered promiscuous mode
[   29.505051][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0
[   29.514941][ T3473] loop0: detected capacity change from 0 to 1024
[   29.521583][   T48] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   29.534560][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1
[   29.542822][ T3473] =======================================================
[   29.542822][ T3473] WARNING: The mand mount option has been deprecated and
[   29.542822][ T3473]          and is ignored by this kernel. Remove the mand
[   29.542822][ T3473]          option from the mount to silence this warning.
[   29.542822][ T3473] =======================================================
[   29.583474][ T3301] veth0_macvtap: entered promiscuous mode
[   29.593712][ T3476] FAULT_INJECTION: forcing a failure.
[   29.593712][ T3476] name failslab, interval 1, probability 0, space 0, times 1
[   29.593790][ T3476] CPU: 1 UID: 0 PID: 3476 Comm: syz.1.2 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   29.593813][ T3476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   29.593823][ T3476] Call Trace:
[   29.593829][ T3476]  <TASK>
[   29.593835][ T3476]  __dump_stack+0x1d/0x30
[   29.593870][ T3476]  dump_stack_lvl+0xe8/0x140
[   29.593887][ T3476]  dump_stack+0x15/0x1b
[   29.593922][ T3476]  should_fail_ex+0x265/0x280
[   29.593940][ T3476]  ? nft_netdev_hook_alloc+0x3b/0x340
[   29.593964][ T3476]  should_failslab+0x8c/0xb0
[   29.594014][ T3476]  __kmalloc_cache_noprof+0x4c/0x320
[   29.594044][ T3476]  nft_netdev_hook_alloc+0x3b/0x340
[   29.594067][ T3476]  nf_tables_parse_netdev_hooks+0xcf/0x570
[   29.594145][ T3476]  nft_flowtable_parse_hook+0x2c6/0x450
[   29.594175][ T3476]  nf_tables_newflowtable+0xced/0x1380
[   29.594200][ T3476]  nfnetlink_rcv+0xb99/0x1690
[   29.594263][ T3476]  netlink_unicast+0x5c0/0x690
[   29.594367][ T3476]  netlink_sendmsg+0x58b/0x6b0
[   29.594397][ T3476]  ? __pfx_netlink_sendmsg+0x10/0x10
[   29.594419][ T3476]  __sock_sendmsg+0x145/0x180
[   29.594447][ T3476]  ____sys_sendmsg+0x31e/0x4e0
[   29.594535][ T3476]  ___sys_sendmsg+0x17b/0x1d0
[   29.594564][ T3476]  __x64_sys_sendmsg+0xd4/0x160
[   29.594647][ T3476]  x64_sys_call+0x191e/0x2ff0
[   29.594669][ T3476]  do_syscall_64+0xd2/0x200
[   29.594695][ T3476]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   29.594716][ T3476]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   29.594736][ T3476]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   29.594788][ T3476] RIP: 0033:0x7fbeeb65ebe9
[   29.594835][ T3476] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   29.594848][ T3476] RSP: 002b:00007fbeea0bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   29.594869][ T3476] RAX: ffffffffffffffda RBX: 00007fbeeb885fa0 RCX: 00007fbeeb65ebe9
[   29.594879][ T3476] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[   29.594890][ T3476] RBP: 00007fbeea0bf090 R08: 0000000000000000 R09: 0000000000000000
[   29.594900][ T3476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   29.594910][ T3476] R13: 00007fbeeb886038 R14: 00007fbeeb885fa0 R15: 00007ffc8054c278
[   29.594925][ T3476]  </TASK>
[   29.598151][ T3301] veth1_macvtap: entered promiscuous mode
[   29.616403][   T48] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   29.630864][   T48] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   29.631890][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_0
[   29.631914][   T48] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   29.646458][   T48] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   29.646495][   T48] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   29.653882][ T3301] batman_adv: batadv0: Interface activated: batadv_slave_1
[   29.656928][   T41] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   29.657001][   T41] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   29.657033][   T41] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   29.657115][   T41] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   29.666688][ T3473] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   29.675163][ T3476] syz.1.2 (3476) used greatest stack depth: 10792 bytes left
[   29.677670][   T29] kauditd_printk_skb: 55 callbacks suppressed
[   29.677683][   T29] audit: type=1400 audit(1755876631.227:127): avc:  denied  { mount } for  pid=3471 comm="syz.0.1" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[   29.688578][ T3473] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.1: Allocating blocks 497-513 which overlap fs metadata
[   29.697683][   T29] audit: type=1326 audit(1755876631.227:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3471 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7420f3d550 code=0x7ffc0000
[   29.746194][ T3473] EXT4-fs (loop0): pa ffff8881075ff070: logic 256, phys. 369, len 9
[   29.746353][   T29] audit: type=1326 audit(1755876631.227:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3471 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f7420f3d937 code=0x7ffc0000
[   29.751531][ T3473] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, 
[   29.756250][   T29] audit: type=1326 audit(1755876631.227:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3471 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7420f3d550 code=0x7ffc0000
[   29.756274][   T29] audit: type=1326 audit(1755876631.227:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3471 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7420f3ebe9 code=0x7ffc0000
[   29.756373][   T29] audit: type=1326 audit(1755876631.227:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3471 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7420f3ebe9 code=0x7ffc0000
[   29.761418][ T3473] free 0, pa_free 1
[   29.765946][   T29] audit: type=1326 audit(1755876631.237:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3471 comm="syz.0.1" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f7420f3ebe9 code=0x7ffc0000
[   29.798034][ T3473] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, 
[   29.798154][   T29] audit: type=1400 audit(1755876631.237:134): avc:  denied  { add_name } for  pid=3471 comm="syz.0.1" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   29.802615][ T3473] inode 18: 
[   29.822486][   T29] audit: type=1400 audit(1755876631.237:135): avc:  denied  { create } for  pid=3471 comm="syz.0.1" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   29.822513][   T29] audit: type=1400 audit(1755876631.237:136): avc:  denied  { read write open } for  pid=3471 comm="syz.0.1" path="/0/file1/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[   30.270287][ T3473] block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   30.341302][ T3497] loop2: detected capacity change from 0 to 512
[   30.353591][ T3497] EXT4-fs: Ignoring removed nobh option
[   30.355097][ T3496] loop1: detected capacity change from 0 to 512
[   30.368696][ T3495] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'.
[   30.390395][ T3497] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   30.412697][ T3496] lo speed is unknown, defaulting to 1000
[   30.414363][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   30.421983][ T3496] lo speed is unknown, defaulting to 1000
[   30.471850][ T3496] lo speed is unknown, defaulting to 1000
[   30.473721][ T3497] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #3: comm syz.2.8: corrupted inode contents
[   30.492039][ T3496] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[   30.494343][ T3501] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48 sclass=netlink_tcpdiag_socket pid=3501 comm=syz.3.11
[   30.500173][ T3496] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[   30.536294][ T3505] loop1: detected capacity change from 0 to 164
[   30.545436][ T3497] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #3: comm syz.2.8: mark_inode_dirty error
[   30.557483][ T3497] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #3: comm syz.2.8: corrupted inode contents
[   30.557811][ T3506] loop0: detected capacity change from 0 to 128
[   30.589786][ T3496] lo speed is unknown, defaulting to 1000
[   30.596189][ T3496] lo speed is unknown, defaulting to 1000
[   30.602462][ T3496] lo speed is unknown, defaulting to 1000
[   30.611763][ T3496] lo speed is unknown, defaulting to 1000
[   30.617610][ T3497] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #3: comm syz.2.8: mark_inode_dirty error
[   30.625496][ T3497] EXT4-fs error (device loop2): ext4_acquire_dquot:6937: comm syz.2.8: Failed to acquire dquot type 0
[   30.630355][ T3496] lo speed is unknown, defaulting to 1000
[   30.654496][ T3506] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   30.676387][ T3497] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.8: corrupted inode contents
[   30.696779][ T3506] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   30.707885][ T3497] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #16: comm syz.2.8: mark_inode_dirty error
[   30.710120][ T3516] loop3: detected capacity change from 0 to 1024
[   30.728026][ T3497] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.8: corrupted inode contents
[   30.747254][ T3506] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10'.
[   30.756428][ T3497] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #16: comm syz.2.8: mark_inode_dirty error
[   30.780416][ T3497] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.8: corrupted inode contents
[   30.792546][   T12] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   30.801736][ T3496] syz.1.9 (3496) used greatest stack depth: 10712 bytes left
[   30.821669][ T3497] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem
[   30.831025][ T3497] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #16: comm syz.2.8: corrupted inode contents
[   30.861748][ T3497] EXT4-fs error (device loop2): ext4_truncate:4666: inode #16: comm syz.2.8: mark_inode_dirty error
[   30.873387][ T3497] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem
[   30.886562][ T3497] EXT4-fs (loop2): 1 truncate cleaned up
[   30.893099][ T3497] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   30.923292][ T3497] ext4 filesystem being mounted at /1/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   31.004667][ T3497] syz.2.8 (3497) used greatest stack depth: 9760 bytes left
[   31.018881][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.030667][ T3533] syzkaller1: tun_chr_ioctl cmd 2147767506
[   31.034662][ T3523] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14'.
[   31.131203][ T3536] loop1: detected capacity change from 0 to 512
[   31.138426][ T3536] EXT4-fs: Ignoring removed mblk_io_submit option
[   31.152067][ T3536] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   31.164879][ T3536] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   31.173040][ T3536] EXT4-fs (loop1): orphan cleanup on readonly fs
[   31.181151][ T3536] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.16: Invalid block bitmap block 0 in block_group 0
[   31.201814][ T3536] EXT4-fs (loop1): Remounting filesystem read-only
[   31.208752][ T3536] EXT4-fs (loop1): 1 orphan inode deleted
[   31.549830][ T3536] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   31.612700][ T3532] lo speed is unknown, defaulting to 1000
[   31.656664][ T3544] netlink: 4 bytes leftover after parsing attributes in process `syz.0.21'.
[   31.665343][    C1] hrtimer: interrupt took 37192 ns
[   31.817608][ T3536] syz.1.16 (3536) used greatest stack depth: 9592 bytes left
[   31.825783][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.865333][ T3548] netlink: 8 bytes leftover after parsing attributes in process `syz.3.20'.
[   31.889906][ T3551] loop1: detected capacity change from 0 to 512
[   31.910590][ T3551] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   31.928091][ T3543] lo speed is unknown, defaulting to 1000
[   31.938468][ T3548] IPVS: Error joining to the multicast group
[   31.945063][ T3551] EXT4-fs (loop1): 1 truncate cleaned up
[   31.966034][ T3551] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.057123][ T3554] loop3: detected capacity change from 0 to 512
[   32.086643][ T3551] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   32.127426][ T3564] loop4: detected capacity change from 0 to 128
[   32.144896][ T3554] EXT4-fs error (device loop3): ext4_acquire_dquot:6937: comm syz.3.20: Failed to acquire dquot type 1
[   32.175364][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.185337][ T3554] EXT4-fs (loop3): 1 truncate cleaned up
[   32.206153][ T3566] netlink: 8 bytes leftover after parsing attributes in process `syz.0.25'.
[   32.228569][ T3554] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.252011][ T3564] syz.4.26: attempt to access beyond end of device
[   32.252011][ T3564] loop4: rw=2049, sector=137, nr_sectors = 8 limit=128
[   32.268908][ T3554] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   32.282920][ T3564] syz.4.26: attempt to access beyond end of device
[   32.282920][ T3564] loop4: rw=2049, sector=153, nr_sectors = 8 limit=128
[   32.300149][ T3573] loop0: detected capacity change from 0 to 512
[   32.324333][ T3564] syz.4.26: attempt to access beyond end of device
[   32.324333][ T3564] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128
[   32.379494][ T3564] syz.4.26: attempt to access beyond end of device
[   32.379494][ T3564] loop4: rw=2049, sector=185, nr_sectors = 8 limit=128
[   32.405472][ T3548] netlink: 32 bytes leftover after parsing attributes in process `syz.3.20'.
[   32.470343][ T3564] syz.4.26: attempt to access beyond end of device
[   32.470343][ T3564] loop4: rw=2049, sector=201, nr_sectors = 8 limit=128
[   32.509816][ T3569] loop1: detected capacity change from 0 to 512
[   32.518769][ T3564] syz.4.26: attempt to access beyond end of device
[   32.518769][ T3564] loop4: rw=2049, sector=217, nr_sectors = 8 limit=128
[   32.555779][ T3573] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.25: Failed to acquire dquot type 1
[   32.564336][ T3566] IPVS: Error joining to the multicast group
[   32.577685][ T3564] syz.4.26: attempt to access beyond end of device
[   32.577685][ T3564] loop4: rw=2049, sector=233, nr_sectors = 8 limit=128
[   32.591545][ T3564] syz.4.26: attempt to access beyond end of device
[   32.591545][ T3564] loop4: rw=2049, sector=249, nr_sectors = 8 limit=128
[   32.605292][ T3564] syz.4.26: attempt to access beyond end of device
[   32.605292][ T3564] loop4: rw=2049, sector=265, nr_sectors = 8 limit=128
[   32.627380][ T3564] syz.4.26: attempt to access beyond end of device
[   32.627380][ T3564] loop4: rw=2049, sector=281, nr_sectors = 8 limit=128
[   32.657798][ T3573] EXT4-fs (loop0): 1 truncate cleaned up
[   32.681806][ T3559] lo speed is unknown, defaulting to 1000
[   32.713401][ T3573] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.799081][ T3573] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   32.923492][ T3566] netlink: 32 bytes leftover after parsing attributes in process `syz.0.25'.
[   32.941118][ T3596] loop1: detected capacity change from 0 to 512
[   32.968577][ T3596] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   33.014845][ T3596] EXT4-fs (loop1): 1 truncate cleaned up
[   33.061784][ T3596] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.104377][ T3596] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.171660][ T3614] loop4: detected capacity change from 0 to 1024
[   33.181744][ T3614] EXT4-fs: Ignoring removed orlov option
[   33.220807][ T3614] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.273515][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.369532][ T3627] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48 sclass=netlink_tcpdiag_socket pid=3627 comm=syz.1.36
[   33.470193][ T3635] loop1: detected capacity change from 0 to 1024
[   33.498357][ T3635] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.553080][ T3635] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   33.665618][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.675496][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.726733][ T3652] netlink: 4 bytes leftover after parsing attributes in process `syz.3.42'.
[   33.730484][ T3651] netlink: 4 bytes leftover after parsing attributes in process `syz.1.41'.
[   33.769753][ T3651] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   33.777421][ T3651] batman_adv: batadv0: Removing interface: batadv_slave_0
[   33.793398][ T3651] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   33.793416][ T3651] batman_adv: batadv0: Removing interface: batadv_slave_1
[   33.861671][ T3656] syzkaller0: entered promiscuous mode
[   33.867291][ T3656] syzkaller0: entered allmulticast mode
[   33.894092][ T3553] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set
[   34.017914][ T3665] loop1: detected capacity change from 0 to 512
[   34.042702][ T3671] loop3: detected capacity change from 0 to 1024
[   34.043518][ T3673] loop4: detected capacity change from 0 to 1024
[   34.058654][ T3665] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   34.080560][ T3673] EXT4-fs: Ignoring removed orlov option
[   34.087802][ T3671] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.118876][ T3665] EXT4-fs (loop1): 1 truncate cleaned up
[   34.137933][ T3665] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.173381][ T3673] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.190612][ T3679] loop2: detected capacity change from 0 to 1024
[   34.209957][ T3665] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   34.220631][ T3671] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.49: Allocating blocks 497-513 which overlap fs metadata
[   34.264697][ T3679] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.302553][ T3679] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.314294][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.334281][ T3671] EXT4-fs (loop3): pa ffff88810765a0e0: logic 256, phys. 369, len 9
[   34.342446][ T3671] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   34.355118][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.364915][ T3671] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   34.460812][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.472461][ T3692] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   34.494647][ T3696] loop2: detected capacity change from 0 to 512
[   34.521862][ T3696] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   34.564919][ T3696] EXT4-fs (loop2): 1 truncate cleaned up
[   34.571068][ T3696] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.591945][ T3696] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   34.634945][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.647834][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.702247][   T29] kauditd_printk_skb: 298 callbacks suppressed
[   34.702263][   T29] audit: type=1326 audit(1755876636.247:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3708 comm="syz.1.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeeb65ebe9 code=0x7ffc0000
[   34.735556][ T3721] syzkaller0: entered promiscuous mode
[   34.741045][ T3721] syzkaller0: entered allmulticast mode
[   34.760074][   T29] audit: type=1326 audit(1755876636.247:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3708 comm="syz.1.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbeeb65ebe9 code=0x7ffc0000
[   34.767024][ T3724] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48 sclass=netlink_tcpdiag_socket pid=3724 comm=syz.1.63
[   34.783672][   T29] audit: type=1326 audit(1755876636.247:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3708 comm="syz.1.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeeb65ebe9 code=0x7ffc0000
[   34.819911][   T29] audit: type=1326 audit(1755876636.247:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3708 comm="syz.1.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fbeeb65ebe9 code=0x7ffc0000
[   34.843543][   T29] audit: type=1326 audit(1755876636.297:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3708 comm="syz.1.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeeb65ebe9 code=0x7ffc0000
[   34.891932][ T3728] loop1: detected capacity change from 0 to 1024
[   34.906495][   T29] audit: type=1400 audit(1755876636.367:431): avc:  denied  { bind } for  pid=3719 comm="syz.4.61" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   34.926764][   T29] audit: type=1400 audit(1755876636.377:432): avc:  denied  { setopt } for  pid=3719 comm="syz.4.61" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   34.947256][   T29] audit: type=1326 audit(1755876636.417:433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3727 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbeeb65ebe9 code=0x7ffc0000
[   34.950422][ T3737] FAULT_INJECTION: forcing a failure.
[   34.950422][ T3737] name failslab, interval 1, probability 0, space 0, times 0
[   34.971421][   T29] audit: type=1326 audit(1755876636.417:434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3727 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fbeeb65ebe9 code=0x7ffc0000
[   34.983857][ T3737] CPU: 0 UID: 0 PID: 3737 Comm: syz.4.61 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   34.983917][ T3737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   34.983929][ T3737] Call Trace:
[   34.983937][ T3737]  <TASK>
[   34.983945][ T3737]  __dump_stack+0x1d/0x30
[   34.984038][ T3737]  dump_stack_lvl+0xe8/0x140
[   34.984055][ T3737]  dump_stack+0x15/0x1b
[   34.984071][ T3737]  should_fail_ex+0x265/0x280
[   34.984093][ T3737]  should_failslab+0x8c/0xb0
[   34.984119][ T3737]  kmem_cache_alloc_node_noprof+0x57/0x320
[   34.984175][ T3737]  ? __alloc_skb+0x101/0x320
[   34.984207][ T3737]  __alloc_skb+0x101/0x320
[   34.984237][ T3737]  netlink_alloc_large_skb+0xba/0xf0
[   34.984285][ T3737]  netlink_sendmsg+0x3cf/0x6b0
[   34.984307][ T3737]  ? __pfx_netlink_sendmsg+0x10/0x10
[   34.984327][ T3737]  __sock_sendmsg+0x145/0x180
[   34.984354][ T3737]  __sys_sendto+0x268/0x330
[   34.984476][ T3737]  __x64_sys_sendto+0x76/0x90
[   34.984494][ T3737]  x64_sys_call+0x2d05/0x2ff0
[   34.984518][ T3737]  do_syscall_64+0xd2/0x200
[   34.984543][ T3737]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   34.984608][ T3737]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   34.984631][ T3737]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   34.984652][ T3737] RIP: 0033:0x7ff9a68debe9
[   34.984668][ T3737] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   34.984750][ T3737] RSP: 002b:00007ff9a52fd038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   34.984791][ T3737] RAX: ffffffffffffffda RBX: 00007ff9a6b06180 RCX: 00007ff9a68debe9
[   34.984803][ T3737] RDX: 0000000000000078 RSI: 0000200000000440 RDI: 000000000000000a
[   34.984816][ T3737] RBP: 00007ff9a52fd090 R08: 0000000000000000 R09: 0000000000000000
[   34.984828][ T3737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   34.984839][ T3737] R13: 00007ff9a6b06218 R14: 00007ff9a6b06180 R15: 00007fff183884e8
[   34.984933][ T3737]  </TASK>
[   34.992177][ T3728] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.007072][   T29] audit: type=1326 audit(1755876636.417:435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3727 comm="syz.1.65" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fbeeb65ec23 code=0x7ffc0000
[   35.011068][ T3722] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   35.025103][ T3728] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.65: Allocating blocks 497-513 which overlap fs metadata
[   35.264937][ T3728] EXT4-fs (loop1): pa ffff88810765a150: logic 256, phys. 369, len 9
[   35.273330][ T3728] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   35.285091][ T3728] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   35.314709][ T3722] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   35.329521][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.388872][ T3750] loop3: detected capacity change from 0 to 512
[   35.401170][ T3752] loop2: detected capacity change from 0 to 1024
[   35.431232][ T3722] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   35.439354][ T3752] EXT4-fs: Ignoring removed orlov option
[   35.451173][ T3754] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48 sclass=netlink_tcpdiag_socket pid=3754 comm=syz.3.74
[   35.467769][ T3752] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.492771][ T3757] loop1: detected capacity change from 0 to 1024
[   35.516178][ T3757] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.533373][ T3722] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   35.561950][ T3763] loop0: detected capacity change from 0 to 128
[   35.599585][ T3757] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   35.627954][  T579] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   35.650682][ T3539] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   35.680591][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.703457][ T3539] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   35.727445][   T48] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   35.809033][ T3774] loop4: detected capacity change from 0 to 1024
[   35.826060][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.874222][ T3774] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.907976][ T3774] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4183: comm syz.4.80: Allocating blocks 497-513 which overlap fs metadata
[   35.924975][ T3774] EXT4-fs (loop4): pa ffff88810765a2a0: logic 256, phys. 369, len 9
[   35.933289][ T3774] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   35.947011][ T3774] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   35.979010][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.994842][ T3784] loop2: detected capacity change from 0 to 512
[   36.005995][ T3784] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[   36.023723][ T3784] EXT4-fs (loop2): orphan cleanup on readonly fs
[   36.031652][ T3784] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:517: comm syz.2.83: Block bitmap for bg 0 marked uninitialized
[   36.047228][ T3784] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6657: Corrupt filesystem
[   36.059384][ T3784] EXT4-fs (loop2): 1 orphan inode deleted
[   36.069027][ T3784] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   36.093221][ T3791] FAULT_INJECTION: forcing a failure.
[   36.093221][ T3791] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   36.106572][ T3791] CPU: 0 UID: 0 PID: 3791 Comm: syz.4.85 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   36.106598][ T3791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   36.106608][ T3791] Call Trace:
[   36.106615][ T3791]  <TASK>
[   36.106623][ T3791]  __dump_stack+0x1d/0x30
[   36.106645][ T3791]  dump_stack_lvl+0xe8/0x140
[   36.106679][ T3791]  dump_stack+0x15/0x1b
[   36.106695][ T3791]  should_fail_ex+0x265/0x280
[   36.106716][ T3791]  should_fail+0xb/0x20
[   36.106732][ T3791]  should_fail_usercopy+0x1a/0x20
[   36.106768][ T3791]  _copy_to_user+0x20/0xa0
[   36.106795][ T3791]  simple_read_from_buffer+0xb5/0x130
[   36.106818][ T3791]  proc_fail_nth_read+0x10e/0x150
[   36.106921][ T3791]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   36.106946][ T3791]  vfs_read+0x1a8/0x770
[   36.106974][ T3791]  ? __rcu_read_unlock+0x4f/0x70
[   36.107069][ T3791]  ? __fget_files+0x184/0x1c0
[   36.107091][ T3791]  ksys_read+0xda/0x1a0
[   36.107110][ T3791]  __x64_sys_read+0x40/0x50
[   36.107129][ T3791]  x64_sys_call+0x27bc/0x2ff0
[   36.107152][ T3791]  do_syscall_64+0xd2/0x200
[   36.107217][ T3791]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   36.107239][ T3791]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   36.107260][ T3791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   36.107278][ T3791] RIP: 0033:0x7ff9a68dd5fc
[   36.107319][ T3791] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   36.107384][ T3791] RSP: 002b:00007ff9a533f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   36.107403][ T3791] RAX: ffffffffffffffda RBX: 00007ff9a6b05fa0 RCX: 00007ff9a68dd5fc
[   36.107416][ T3791] RDX: 000000000000000f RSI: 00007ff9a533f0a0 RDI: 0000000000000005
[   36.107426][ T3791] RBP: 00007ff9a533f090 R08: 0000000000000000 R09: 0000000000000000
[   36.107437][ T3791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   36.107449][ T3791] R13: 00007ff9a6b06038 R14: 00007ff9a6b05fa0 R15: 00007fff183884e8
[   36.107467][ T3791]  </TASK>
[   36.112409][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.133829][ T3793] __nla_validate_parse: 2 callbacks suppressed
[   36.133843][ T3793] netlink: 28 bytes leftover after parsing attributes in process `syz.1.86'.
[   36.337870][ T3793] netlink: 28 bytes leftover after parsing attributes in process `syz.1.86'.
[   36.361961][ T3802] FAULT_INJECTION: forcing a failure.
[   36.361961][ T3802] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   36.375108][ T3802] CPU: 1 UID: 0 PID: 3802 Comm: syz.3.89 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   36.375133][ T3802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   36.375144][ T3802] Call Trace:
[   36.375224][ T3802]  <TASK>
[   36.375232][ T3802]  __dump_stack+0x1d/0x30
[   36.375256][ T3802]  dump_stack_lvl+0xe8/0x140
[   36.375273][ T3802]  dump_stack+0x15/0x1b
[   36.375289][ T3802]  should_fail_ex+0x265/0x280
[   36.375313][ T3802]  should_fail+0xb/0x20
[   36.375329][ T3802]  should_fail_usercopy+0x1a/0x20
[   36.375379][ T3802]  _copy_to_user+0x20/0xa0
[   36.375474][ T3802]  simple_read_from_buffer+0xb5/0x130
[   36.375496][ T3802]  proc_fail_nth_read+0x10e/0x150
[   36.375521][ T3802]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   36.375544][ T3802]  vfs_read+0x1a8/0x770
[   36.375563][ T3802]  ? ep_loop_check_proc+0x1ef/0x220
[   36.375599][ T3802]  ? __rcu_read_unlock+0x4f/0x70
[   36.375659][ T3802]  ? __fget_files+0x184/0x1c0
[   36.375682][ T3802]  ? fput+0x8f/0xc0
[   36.375711][ T3802]  ksys_read+0xda/0x1a0
[   36.375747][ T3802]  __x64_sys_read+0x40/0x50
[   36.375767][ T3802]  x64_sys_call+0x27bc/0x2ff0
[   36.375787][ T3802]  do_syscall_64+0xd2/0x200
[   36.375884][ T3802]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   36.375905][ T3802]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   36.375927][ T3802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   36.375945][ T3802] RIP: 0033:0x7fd8bc9cd5fc
[   36.375972][ T3802] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   36.375987][ T3802] RSP: 002b:00007fd8bb42f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   36.376005][ T3802] RAX: ffffffffffffffda RBX: 00007fd8bcbf5fa0 RCX: 00007fd8bc9cd5fc
[   36.376016][ T3802] RDX: 000000000000000f RSI: 00007fd8bb42f0a0 RDI: 0000000000000006
[   36.376079][ T3802] RBP: 00007fd8bb42f090 R08: 0000000000000000 R09: 0000000000000000
[   36.376089][ T3802] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000001
[   36.376100][ T3802] R13: 00007fd8bcbf6038 R14: 00007fd8bcbf5fa0 R15: 00007ffc6e6d3a48
[   36.376116][ T3802]  </TASK>
[   36.620728][ T3805] syz.2.90 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   36.630835][ T3807] 9pnet_fd: Insufficient options for proto=fd
[   36.695064][ T3816] SELinux:  Context м is not valid (left unmapped).
[   36.723418][ T3816] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   36.782800][ T3823] loop1: detected capacity change from 0 to 512
[   36.790320][ T3823] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   36.854149][ T3829] loop3: detected capacity change from 0 to 512
[   36.861258][ T3829] EXT4-fs: Ignoring removed mblk_io_submit option
[   36.993243][ T3816] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   37.048616][ T3832] loop4: detected capacity change from 0 to 128
[   37.119240][ T3835] loop0: detected capacity change from 0 to 1024
[   37.129449][ T3835] EXT4-fs: Ignoring removed orlov option
[   37.190543][ T3829] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   37.211836][ T3829] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   37.219979][ T3829] EXT4-fs (loop3): orphan cleanup on readonly fs
[   37.227082][ T3829] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:483: comm syz.3.93: Invalid block bitmap block 0 in block_group 0
[   37.243262][ T3829] EXT4-fs (loop3): Remounting filesystem read-only
[   37.244002][ T3816] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   37.250601][ T3829] EXT4-fs (loop3): 1 orphan inode deleted
[   37.268399][ T3829] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   37.281527][ T3823] EXT4-fs (loop1): 1 truncate cleaned up
[   37.298179][ T3832] bio_check_eod: 84 callbacks suppressed
[   37.298202][ T3832] syz.4.101: attempt to access beyond end of device
[   37.298202][ T3832] loop4: rw=2049, sector=137, nr_sectors = 8 limit=128
[   37.300295][ T3823] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   37.304346][ T3832] syz.4.101: attempt to access beyond end of device
[   37.304346][ T3832] loop4: rw=2049, sector=153, nr_sectors = 8 limit=128
[   37.340738][ T3835] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.343981][ T3832] syz.4.101: attempt to access beyond end of device
[   37.343981][ T3832] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128
[   37.370157][ T3832] syz.4.101: attempt to access beyond end of device
[   37.370157][ T3832] loop4: rw=2049, sector=185, nr_sectors = 8 limit=128
[   37.370161][ T3823] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   37.370229][ T3832] syz.4.101: attempt to access beyond end of device
[   37.370229][ T3832] loop4: rw=2049, sector=201, nr_sectors = 8 limit=128
[   37.409762][ T3816] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   37.421339][ T3832] syz.4.101: attempt to access beyond end of device
[   37.421339][ T3832] loop4: rw=2049, sector=217, nr_sectors = 8 limit=128
[   37.435243][ T3832] syz.4.101: attempt to access beyond end of device
[   37.435243][ T3832] loop4: rw=2049, sector=233, nr_sectors = 8 limit=128
[   37.449157][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.449153][ T3832] syz.4.101: attempt to access beyond end of device
[   37.449153][ T3832] loop4: rw=2049, sector=249, nr_sectors = 8 limit=128
[   37.449197][ T3832] syz.4.101: attempt to access beyond end of device
[   37.449197][ T3832] loop4: rw=2049, sector=265, nr_sectors = 8 limit=128
[   37.492083][ T3832] syz.4.101: attempt to access beyond end of device
[   37.492083][ T3832] loop4: rw=2049, sector=281, nr_sectors = 8 limit=128
[   37.535684][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.536367][  T579] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   37.553151][   T48] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   37.577794][   T48] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   37.594693][   T48] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   37.635425][ T3845] 9pnet_fd: Insufficient options for proto=fd
[   37.955635][ T3873] loop4: detected capacity change from 0 to 512
[   37.998731][ T3873] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   38.011954][ T3871] loop1: detected capacity change from 0 to 8192
[   38.020359][ T3873] EXT4-fs (loop4): 1 truncate cleaned up
[   38.040059][ T3873] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.129580][ T3873] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   38.156887][ T3879] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(13)
[   38.164004][ T3879] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   38.171911][ T3879] vhci_hcd vhci_hcd.0: Device attached
[   38.186806][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.212780][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.224934][ T3886] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(16)
[   38.231564][ T3886] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   38.239206][ T3886] vhci_hcd vhci_hcd.0: Device attached
[   38.248736][ T3879] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   38.276810][ T3879] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(19)
[   38.283497][ T3879] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   38.291275][ T3879] vhci_hcd vhci_hcd.0: Device attached
[   38.314870][ T3879] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(21)
[   38.321598][ T3879] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[   38.329434][ T3879] vhci_hcd vhci_hcd.0: Device attached
[   38.343324][ T3879] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   38.352070][ T3879] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   38.360647][ T3879] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   38.396048][ T3879] vhci_hcd vhci_hcd.0: pdev(2) rhport(7) sockfd(31)
[   38.402874][ T3879] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   38.410549][ T3879] vhci_hcd vhci_hcd.0: Device attached
[   38.418003][ T3899] loop1: detected capacity change from 0 to 512
[   38.428764][ T3904] netlink: 4 bytes leftover after parsing attributes in process `syz.0.123'.
[   38.434120][   T10] usb 5-1: new low-speed USB device number 2 using vhci_hcd
[   38.451837][ T3899] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   38.465617][ T3900] vhci_hcd: connection closed
[   38.465995][ T3895] vhci_hcd: connection closed
[   38.466290][ T3880] vhci_hcd: connection reset by peer
[   38.485407][ T3887] vhci_hcd: connection closed
[   38.489332][ T3539] vhci_hcd: stop threads
[   38.498625][ T3539] vhci_hcd: release socket
[   38.503125][ T3539] vhci_hcd: disconnect device
[   38.504673][ T3910] netlink: 4 bytes leftover after parsing attributes in process `syz.4.124'.
[   38.522552][ T3910] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   38.524916][ T3899] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   38.530281][ T3910] batman_adv: batadv0: Removing interface: batadv_slave_0
[   38.551995][ T3539] vhci_hcd: stop threads
[   38.556428][ T3539] vhci_hcd: release socket
[   38.557046][ T3899] EXT4-fs (loop1): 1 truncate cleaned up
[   38.561068][ T3539] vhci_hcd: disconnect device
[   38.580497][ T3539] vhci_hcd: stop threads
[   38.584818][ T3539] vhci_hcd: release socket
[   38.589335][ T3539] vhci_hcd: disconnect device
[   38.594982][ T3899] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.609790][ T3910] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   38.617368][ T3910] batman_adv: batadv0: Removing interface: batadv_slave_1
[   38.625397][ T3539] vhci_hcd: stop threads
[   38.629719][ T3539] vhci_hcd: release socket
[   38.634274][ T3539] vhci_hcd: disconnect device
[   38.812856][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.844214][ T3926] netlink: 16 bytes leftover after parsing attributes in process `syz.0.129'.
[   38.865089][ T3930] loop1: detected capacity change from 0 to 512
[   38.874185][ T3930] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   38.885663][ T3930] EXT4-fs (loop1): 1 truncate cleaned up
[   38.897048][ T3932] loop0: detected capacity change from 0 to 512
[   38.898446][ T3930] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.919600][ T3930] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   38.930313][ T3932] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   38.949847][ T3932] EXT4-fs (loop0): mount failed
[   38.957101][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.992488][ T3906] vhci_hcd: connection closed
[   39.006824][   T48] vhci_hcd: stop threads
[   39.016004][   T48] vhci_hcd: release socket
[   39.020513][   T48] vhci_hcd: disconnect device
[   39.078927][ T3944] unsupported nla_type 52263
[   39.083949][ T3944] netlink: 'syz.2.135': attribute type 4 has an invalid length.
[   39.094767][ T3944] netlink: 'syz.2.135': attribute type 4 has an invalid length.
[   39.113736][ T3949] netlink: 4 bytes leftover after parsing attributes in process `syz.0.136'.
[   39.374413][ T3951] loop2: detected capacity change from 0 to 1024
[   39.400290][ T3951] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.483311][ T3951] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4183: comm syz.2.137: Allocating blocks 497-513 which overlap fs metadata
[   39.505613][ T3960] loop3: detected capacity change from 0 to 1024
[   39.531964][ T3960] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.561873][ T3951] EXT4-fs (loop2): pa ffff88810765a380: logic 256, phys. 369, len 9
[   39.570124][ T3951] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   39.610387][ T3951] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   39.631925][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.644668][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.661252][ T3965] loop3: detected capacity change from 0 to 1024
[   39.679517][ T3967] netlink: 132 bytes leftover after parsing attributes in process `'.
[   39.707113][ T3965] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.741533][ T3969] loop2: detected capacity change from 0 to 128
[   39.743433][ T3965] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   39.760884][   T29] kauditd_printk_skb: 439 callbacks suppressed
[   39.760903][   T29] audit: type=1400 audit(1755876641.297:871): avc:  denied  { shutdown } for  pid=3970 comm="syz.0.142" laddr=fe80::f lport=53465 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   39.791213][ T3972] loop0: detected capacity change from 0 to 512
[   39.815450][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.847725][   T29] audit: type=1326 audit(1755876641.397:872): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3968 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da41cebe9 code=0x7ffc0000
[   39.872553][ T3972] Quota error (device loop0): do_check_range: Getting dqdh_next_free 256 out of range 0-7
[   39.885326][ T3972] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[   39.896458][   T29] audit: type=1326 audit(1755876641.447:873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3968 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f4da41cebe9 code=0x7ffc0000
[   39.898238][ T3972] EXT4-fs error (device loop0): ext4_acquire_dquot:6937: comm syz.0.142: Failed to acquire dquot type 1
[   39.921311][   T29] audit: type=1326 audit(1755876641.447:874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3968 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da41cebe9 code=0x7ffc0000
[   39.956526][   T29] audit: type=1326 audit(1755876641.447:875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3968 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da41cebe9 code=0x7ffc0000
[   39.980724][   T29] audit: type=1326 audit(1755876641.447:876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3968 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f4da41cebe9 code=0x7ffc0000
[   40.004427][   T29] audit: type=1326 audit(1755876641.447:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3968 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da41cebe9 code=0x7ffc0000
[   40.028072][   T29] audit: type=1326 audit(1755876641.447:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3968 comm="syz.2.140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4da41cebe9 code=0x7ffc0000
[   40.030938][ T3972] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.142: corrupted inode contents
[   40.075636][ T3977] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   40.100954][ T3979] loop1: detected capacity change from 0 to 512
[   40.116485][ T3972] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #16: comm syz.0.142: mark_inode_dirty error
[   40.128742][ T3972] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.142: corrupted inode contents
[   40.143294][ T3979] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   40.143512][ T3972] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #16: comm syz.0.142: mark_inode_dirty error
[   40.162683][ T3977] loop3: detected capacity change from 0 to 8192
[   40.166101][ T3972] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.142: corrupted inode contents
[   40.177116][ T3977] vfat: Unknown parameter ''
[   40.199906][ T3972] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem
[   40.208850][ T3979] EXT4-fs (loop1): 1 truncate cleaned up
[   40.216026][ T3979] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.228608][ T3972] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.142: corrupted inode contents
[   40.243066][ T3979] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   40.259162][ T3972] EXT4-fs error (device loop0): ext4_truncate:4666: inode #16: comm syz.0.142: mark_inode_dirty error
[   40.271242][ T3972] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
[   40.282981][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.293010][ T3972] EXT4-fs (loop0): 1 truncate cleaned up
[   40.301636][ T3972] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.316412][ T3972] ext4 filesystem being mounted at /26/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   40.356022][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.369148][ T3989] syzkaller1: tun_chr_ioctl cmd 2147767506
[   40.385166][ T3991] loop1: detected capacity change from 0 to 2048
[   40.393465][ T3991] EXT4-fs: Ignoring removed mblk_io_submit option
[   40.445006][ T3991] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.474953][ T4001] netlink: 4 bytes leftover after parsing attributes in process `syz.0.151'.
[   40.514584][ T3991] netlink: 4 bytes leftover after parsing attributes in process `syz.1.149'.
[   40.576046][ T4005] loop4: detected capacity change from 0 to 1024
[   40.583925][ T4005] EXT4-fs: Ignoring removed orlov option
[   40.614789][ T4008] loop0: detected capacity change from 0 to 1024
[   40.633336][ T4005] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.687754][ T4008] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.709622][ T4008] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.155: Allocating blocks 497-513 which overlap fs metadata
[   40.723651][ T3676] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set
[   40.802654][ T4016] loop2: detected capacity change from 0 to 512
[   40.809703][ T4016] EXT4-fs: Ignoring removed mblk_io_submit option
[   40.820073][ T4016] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   40.834818][ T4016] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   40.843071][ T4016] EXT4-fs (loop2): orphan cleanup on readonly fs
[   40.850879][ T4016] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.154: Invalid block bitmap block 0 in block_group 0
[   40.865393][ T4016] EXT4-fs (loop2): Remounting filesystem read-only
[   40.872220][ T4016] EXT4-fs (loop2): 1 orphan inode deleted
[   41.049081][ T3676] EXT4-fs (loop1): Remounting filesystem read-only
[   41.070854][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.123511][ T4008] EXT4-fs (loop0): pa ffff88810765a3f0: logic 256, phys. 369, len 9
[   41.124139][ T4016] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   41.131756][ T4008] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   41.155481][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.197012][ T4008] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   41.285592][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.336698][ T4031] FAULT_INJECTION: forcing a failure.
[   41.336698][ T4031] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   41.350397][ T4031] CPU: 1 UID: 0 PID: 4031 Comm: syz.4.160 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   41.350426][ T4031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   41.350511][ T4031] Call Trace:
[   41.350574][ T4031]  <TASK>
[   41.350583][ T4031]  __dump_stack+0x1d/0x30
[   41.350607][ T4031]  dump_stack_lvl+0xe8/0x140
[   41.350623][ T4031]  dump_stack+0x15/0x1b
[   41.350640][ T4031]  should_fail_ex+0x265/0x280
[   41.350716][ T4031]  should_fail+0xb/0x20
[   41.350732][ T4031]  should_fail_usercopy+0x1a/0x20
[   41.350750][ T4031]  _copy_from_iter+0xcf/0xe40
[   41.350791][ T4031]  ? __build_skb_around+0x1a0/0x200
[   41.350819][ T4031]  ? __alloc_skb+0x223/0x320
[   41.350847][ T4031]  netlink_sendmsg+0x471/0x6b0
[   41.350871][ T4031]  ? __pfx_netlink_sendmsg+0x10/0x10
[   41.350957][ T4031]  __sock_sendmsg+0x145/0x180
[   41.351060][ T4031]  sock_write_iter+0x165/0x1b0
[   41.351153][ T4031]  do_iter_readv_writev+0x499/0x540
[   41.351178][ T4031]  vfs_writev+0x2df/0x8b0
[   41.351271][ T4031]  do_writev+0xe7/0x210
[   41.351376][ T4031]  __x64_sys_writev+0x45/0x50
[   41.351401][ T4031]  x64_sys_call+0x1e9a/0x2ff0
[   41.351422][ T4031]  do_syscall_64+0xd2/0x200
[   41.351450][ T4031]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   41.351497][ T4031]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   41.351524][ T4031]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.351543][ T4031] RIP: 0033:0x7ff9a68debe9
[   41.351559][ T4031] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.351611][ T4031] RSP: 002b:00007ff9a533f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   41.351727][ T4031] RAX: ffffffffffffffda RBX: 00007ff9a6b05fa0 RCX: 00007ff9a68debe9
[   41.351739][ T4031] RDX: 0000000000000001 RSI: 00002000000003c0 RDI: 0000000000000007
[   41.351750][ T4031] RBP: 00007ff9a533f090 R08: 0000000000000000 R09: 0000000000000000
[   41.351761][ T4031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.351772][ T4031] R13: 00007ff9a6b06038 R14: 00007ff9a6b05fa0 R15: 00007fff183884e8
[   41.351788][ T4031]  </TASK>
[   41.633949][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.668911][ T4044] loop2: detected capacity change from 0 to 1024
[   41.677911][ T4042] netlink: 4 bytes leftover after parsing attributes in process `syz.3.165'.
[   41.682407][ T4046] netlink: 'syz.1.166': attribute type 37 has an invalid length.
[   41.711148][ T4048] loop0: detected capacity change from 0 to 1024
[   41.720537][ T4044] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.761723][ T4048] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.776248][ T4044] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   41.778672][ T4053] loop3: detected capacity change from 0 to 128
[   41.801383][ T4044] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm syz.2.164: lblock 1 mapped to illegal pblock 1 (length 15)
[   41.818354][ T4044] EXT4-fs error (device loop2): ext4_map_blocks:814: inode #15: block 1: comm syz.2.164: lblock 1 mapped to illegal pblock 1 (length 3)
[   41.820460][ T4048] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.167: Allocating blocks 497-513 which overlap fs metadata
[   41.849008][ T4044] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 117
[   41.861624][ T4044] EXT4-fs (loop2): This should not happen!! Data will be lost
[   41.861624][ T4044] 
[   41.876384][ T4048] EXT4-fs (loop0): pa ffff8881075ff0e0: logic 256, phys. 369, len 9
[   41.884630][ T4048] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   41.895028][ T4064] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 8: comm syz.2.164: lblock 8 mapped to illegal pblock 8 (length 8)
[   41.895246][ T4048] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   41.926086][ T4044] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 4: comm syz.2.164: lblock 4 mapped to illegal pblock 4 (length 1)
[   41.940520][ T4064] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 8: comm syz.2.164: lblock 8 mapped to illegal pblock 8 (length 4)
[   41.961769][ T4064] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #15: block 8: comm syz.2.164: lblock 8 mapped to illegal pblock 8 (length 4)
[   42.014779][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.026777][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.122654][ T4080] netlink: 4 bytes leftover after parsing attributes in process `syz.2.178'.
[   42.149507][ T4082] netlink: 132 bytes leftover after parsing attributes in process `'.
[   42.163306][ T4083] bpf: Bad value for 'gid'
[   42.206936][ T4083] loop4: detected capacity change from 0 to 8192
[   42.262417][ T4092] loop2: detected capacity change from 0 to 512
[   42.264501][ T4092] EXT4-fs: Ignoring removed mblk_io_submit option
[   42.270713][ T3509]  loop4: p1 p2 < > p3 p4 < p5 >
[   42.281298][ T3509] loop4: partition table partially beyond EOD, truncated
[   42.291986][ T3509] loop4: p1 size 100663296 extends beyond EOD, truncated
[   42.292699][ T4092] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   42.292950][ T3509] loop4: p2 start 591104 is beyond EOD, truncated
[   42.292965][ T3509] loop4: p3 start 33572980 is beyond EOD, truncated
[   42.294682][ T4092] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   42.301320][ T3509] loop4: p5 size 100663296 extends beyond EOD, 
[   42.324977][ T4092] EXT4-fs (loop2): orphan cleanup on readonly fs
[   42.332103][ T3509] truncated
[   42.348082][ T4083]  loop4: p1 p2 < > p3 p4 < p5 >
[   42.348152][ T4083] loop4: partition table partially beyond EOD, truncated
[   42.348302][ T4083] loop4: p1 size 100663296 extends beyond EOD, truncated
[   42.349983][ T4092] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.183: Invalid block bitmap block 0 in block_group 0
[   42.354568][ T4083] loop4: p2 start 591104 is beyond EOD, 
[   42.361119][ T4092] EXT4-fs (loop2): Remounting filesystem read-only
[   42.368271][ T4083] truncated
[   42.368279][ T4083] loop4: p3 start 33572980 is beyond EOD, 
[   42.383401][ T4092] EXT4-fs (loop2): 1 orphan inode deleted
[   42.387572][ T4083] truncated
[   42.395359][ T4092] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   42.401207][ T4083] loop4: p5 size 100663296 extends beyond EOD, truncated
[   42.446475][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.460631][ T4097] loop0: detected capacity change from 0 to 1024
[   42.490147][ T4097] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.523630][ T4097] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.185: Allocating blocks 497-513 which overlap fs metadata
[   42.528224][ T4097] EXT4-fs (loop0): pa ffff88810765a460: logic 256, phys. 369, len 9
[   42.546004][ T4097] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   42.558005][ T4097] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   42.630548][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.659161][ T4111] netlink: 4 bytes leftover after parsing attributes in process `syz.0.190'.
[   42.738015][ T4119] netlink: 'syz.0.194': attribute type 4 has an invalid length.
[   42.752882][ T4121] loop3: detected capacity change from 0 to 1024
[   42.753209][ T4121] EXT4-fs: Ignoring removed orlov option
[   42.761879][ T4121] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.847744][ T4132] loop1: detected capacity change from 0 to 1024
[   42.886057][ T4132] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.889068][ T4132] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4183: comm syz.1.200: Allocating blocks 497-513 which overlap fs metadata
[   42.919809][ T4132] EXT4-fs (loop1): pa ffff88810765a4d0: logic 256, phys. 369, len 9
[   42.919949][ T4132] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   42.920223][ T4132] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   43.001698][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.050253][ T4144] netlink: 4 bytes leftover after parsing attributes in process `syz.0.205'.
[   43.190184][ T4149] loop1: detected capacity change from 0 to 2048
[   43.200862][ T4145] loop2: detected capacity change from 0 to 512
[   43.226949][ T4149] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 67108867)!
[   43.237936][ T4149] EXT4-fs (loop1): group descriptors corrupted!
[   43.278879][ T4145] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   43.304090][ T4145] ext4 filesystem being mounted at /41/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.341209][ T4159] Zero length message leads to an empty skb
[   43.368245][ T4160] FAULT_INJECTION: forcing a failure.
[   43.368245][ T4160] name failslab, interval 1, probability 0, space 0, times 0
[   43.381158][ T4160] CPU: 0 UID: 0 PID: 4160 Comm: syz.4.210 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   43.381184][ T4160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   43.381195][ T4160] Call Trace:
[   43.381203][ T4160]  <TASK>
[   43.381212][ T4160]  __dump_stack+0x1d/0x30
[   43.381236][ T4160]  dump_stack_lvl+0xe8/0x140
[   43.381317][ T4160]  dump_stack+0x15/0x1b
[   43.381331][ T4160]  should_fail_ex+0x265/0x280
[   43.381349][ T4160]  should_failslab+0x8c/0xb0
[   43.381373][ T4160]  kmem_cache_alloc_node_noprof+0x57/0x320
[   43.381403][ T4160]  ? __alloc_skb+0x101/0x320
[   43.381458][ T4160]  __alloc_skb+0x101/0x320
[   43.381484][ T4160]  rtmsg_ifinfo_build_skb+0x5f/0x1b0
[   43.381540][ T4160]  ? kvfree_call_rcu+0x29a/0x320
[   43.381592][ T4160]  ? __pfx_rtnetlink_event+0x10/0x10
[   43.381614][ T4160]  rtnetlink_event+0x18c/0x200
[   43.381637][ T4160]  raw_notifier_call_chain+0x6c/0x1b0
[   43.381658][ T4160]  ? call_netdevice_notifiers_info+0x9c/0x100
[   43.381802][ T4160]  call_netdevice_notifiers_info+0xae/0x100
[   43.381829][ T4160]  __netdev_upper_dev_unlink+0x17f/0x760
[   43.381938][ T4160]  ? cred_has_capability+0x210/0x280
[   43.381964][ T4160]  netdev_upper_dev_unlink+0x1d/0x30
[   43.382129][ T4160]  unregister_vlan_dev+0x1f4/0x2b0
[   43.382160][ T4160]  vlan_ioctl_handler+0x226/0x4f0
[   43.382189][ T4160]  ? __pfx_vlan_ioctl_handler+0x10/0x10
[   43.382267][ T4160]  sock_ioctl+0x4a7/0x610
[   43.382288][ T4160]  ? __pfx_sock_ioctl+0x10/0x10
[   43.382311][ T4160]  __se_sys_ioctl+0xce/0x140
[   43.382357][ T4160]  __x64_sys_ioctl+0x43/0x50
[   43.382386][ T4160]  x64_sys_call+0x1816/0x2ff0
[   43.382407][ T4160]  do_syscall_64+0xd2/0x200
[   43.382437][ T4160]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   43.382460][ T4160]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   43.382485][ T4160]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   43.382507][ T4160] RIP: 0033:0x7ff9a68debe9
[   43.382524][ T4160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   43.382570][ T4160] RSP: 002b:00007ff9a533f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   43.382587][ T4160] RAX: ffffffffffffffda RBX: 00007ff9a6b05fa0 RCX: 00007ff9a68debe9
[   43.382597][ T4160] RDX: 0000200000002800 RSI: 0000000000008982 RDI: 0000000000000004
[   43.382608][ T4160] RBP: 00007ff9a533f090 R08: 0000000000000000 R09: 0000000000000000
[   43.382618][ T4160] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   43.382630][ T4160] R13: 00007ff9a6b06038 R14: 00007ff9a6b05fa0 R15: 00007fff183884e8
[   43.382649][ T4160]  </TASK>
[   43.638741][   T10] usb 5-1: enqueue for inactive port 0
[   43.644283][   T10] usb 5-1: enqueue for inactive port 0
[   43.674118][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.713893][   T10] vhci_hcd: vhci_device speed not set
[   43.726666][ T4171] loop3: detected capacity change from 0 to 1024
[   43.754899][ T4171] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.824253][ T4185] netlink: 4 bytes leftover after parsing attributes in process `syz.4.218'.
[   43.895326][ T4171] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.214: Allocating blocks 497-513 which overlap fs metadata
[   43.948460][ T4193] loop4: detected capacity change from 0 to 512
[   43.960618][ T4196] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[   43.967015][ T4181] loop0: detected capacity change from 0 to 2048
[   43.975698][ T4193] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   43.992746][ T4171] EXT4-fs (loop3): pa ffff8881075ff1c0: logic 256, phys. 369, len 9
[   44.001193][ T4171] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   44.014871][ T4193] EXT4-fs (loop4): 1 truncate cleaned up
[   44.021210][ T4171] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   44.043643][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.056962][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.067723][ T4193] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.083198][ T4181] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   44.098189][ T4181] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   44.132417][ T3301] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.135505][ T4181] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28
[   44.147818][ T4210] loop3: detected capacity change from 0 to 1024
[   44.154070][ T4181] EXT4-fs (loop0): This should not happen!! Data will be lost
[   44.154070][ T4181] 
[   44.170228][ T4181] EXT4-fs (loop0): Total free blocks count 0
[   44.176324][ T4181] EXT4-fs (loop0): Free/Dirty block details
[   44.182282][ T4181] EXT4-fs (loop0): free_blocks=2415919104
[   44.188061][ T4181] EXT4-fs (loop0): dirty_blocks=16
[   44.193182][ T4181] EXT4-fs (loop0): Block reservation details
[   44.199270][ T4181] EXT4-fs (loop0): i_reserved_data_blocks=1
[   44.215081][ T4213] loop2: detected capacity change from 0 to 1024
[   44.239671][ T4210] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.263034][ T4210] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.265487][ T4213] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.292017][ T4210] FAULT_INJECTION: forcing a failure.
[   44.292017][ T4210] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   44.299306][ T4213] ext4 filesystem being mounted at /43/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.305496][ T4210] CPU: 1 UID: 0 PID: 4210 Comm: syz.3.227 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   44.305525][ T4210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   44.305557][ T4210] Call Trace:
[   44.305566][ T4210]  <TASK>
[   44.305574][ T4210]  __dump_stack+0x1d/0x30
[   44.305597][ T4210]  dump_stack_lvl+0xe8/0x140
[   44.305616][ T4210]  dump_stack+0x15/0x1b
[   44.305632][ T4210]  should_fail_ex+0x265/0x280
[   44.305895][ T4210]  should_fail+0xb/0x20
[   44.305912][ T4210]  should_fail_usercopy+0x1a/0x20
[   44.305937][ T4210]  _copy_to_user+0x20/0xa0
[   44.306039][ T4210]  simple_read_from_buffer+0xb5/0x130
[   44.306060][ T4210]  proc_fail_nth_read+0x10e/0x150
[   44.306088][ T4210]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   44.306127][ T4210]  vfs_read+0x1a8/0x770
[   44.306193][ T4210]  ? __rcu_read_unlock+0x4f/0x70
[   44.306212][ T4210]  ? __rcu_read_unlock+0x4f/0x70
[   44.306231][ T4210]  ? __fget_files+0x184/0x1c0
[   44.306257][ T4210]  ksys_read+0xda/0x1a0
[   44.306279][ T4210]  __x64_sys_read+0x40/0x50
[   44.306376][ T4210]  x64_sys_call+0x27bc/0x2ff0
[   44.306469][ T4210]  do_syscall_64+0xd2/0x200
[   44.306517][ T4210]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   44.306541][ T4210]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   44.306576][ T4210]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   44.306597][ T4210] RIP: 0033:0x7fd8bc9cd5fc
[   44.306613][ T4210] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   44.306630][ T4210] RSP: 002b:00007fd8bb42f030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   44.306649][ T4210] RAX: ffffffffffffffda RBX: 00007fd8bcbf5fa0 RCX: 00007fd8bc9cd5fc
[   44.306708][ T4210] RDX: 000000000000000f RSI: 00007fd8bb42f0a0 RDI: 0000000000000005
[   44.306721][ T4210] RBP: 00007fd8bb42f090 R08: 0000000000000000 R09: 0000000000000000
[   44.306733][ T4210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   44.306814][ T4210] R13: 00007fd8bcbf6038 R14: 00007fd8bcbf5fa0 R15: 00007ffc6e6d3a48
[   44.306832][ T4210]  </TASK>
[   44.316663][ T4223] netlink: 4 bytes leftover after parsing attributes in process `syz.1.231'.
[   44.391318][ T4225] lo speed is unknown, defaulting to 1000
[   44.508127][ T4229] netlink: 8 bytes leftover after parsing attributes in process `syz.4.232'.
[   44.508249][ T4229] IPVS: Error joining to the multicast group
[   44.539948][ T3312] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.544938][ T4213] lo speed is unknown, defaulting to 1000
[   44.581210][ T4230] loop4: detected capacity change from 0 to 512
[   44.584134][  T579] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[   44.644845][ T4230] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.232: Failed to acquire dquot type 1
[   44.679915][ T4230] EXT4-fs (loop4): 1 truncate cleaned up
[   44.689231][ T4238] loop0: detected capacity change from 0 to 1024
[   44.710265][ T4230] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.737316][ T4230] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.752250][ T4229] netlink: 32 bytes leftover after parsing attributes in process `syz.4.232'.
[   44.762752][ T4238] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.796174][ T4243] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[   44.810501][   T29] kauditd_printk_skb: 922 callbacks suppressed
[   44.810519][   T29] audit: type=1326 audit(1755876646.357:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.0.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7420f3d550 code=0x7ffc0000
[   44.840382][   T29] audit: type=1326 audit(1755876646.357:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.0.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f7420f3d937 code=0x7ffc0000
[   44.864006][   T29] audit: type=1326 audit(1755876646.357:1795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.0.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7420f3d550 code=0x7ffc0000
[   44.887838][   T29] audit: type=1326 audit(1755876646.357:1796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.0.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7420f3ebe9 code=0x7ffc0000
[   44.956835][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.956834][ T3300] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.957286][   T29] audit: type=1326 audit(1755876646.457:1797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.0.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f7420f3ebe9 code=0x7ffc0000
[   44.998603][   T29] audit: type=1326 audit(1755876646.457:1798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.0.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7420f3ebe9 code=0x7ffc0000
[   45.022636][   T29] audit: type=1326 audit(1755876646.457:1799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4236 comm="syz.0.234" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7420f3ebe9 code=0x7ffc0000
[   45.068973][ T4257] 9pnet_fd: Insufficient options for proto=fd
[   45.081578][ T4254] loop1: detected capacity change from 0 to 512
[   45.096181][ T4254] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   45.112439][ T4259] FAULT_INJECTION: forcing a failure.
[   45.112439][ T4259] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   45.125597][ T4259] CPU: 1 UID: 0 PID: 4259 Comm: syz.0.241 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   45.125623][ T4259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   45.125677][ T4259] Call Trace:
[   45.125685][ T4259]  <TASK>
[   45.125693][ T4259]  __dump_stack+0x1d/0x30
[   45.125717][ T4259]  dump_stack_lvl+0xe8/0x140
[   45.125736][ T4259]  dump_stack+0x15/0x1b
[   45.125756][ T4259]  should_fail_ex+0x265/0x280
[   45.125774][ T4259]  should_fail+0xb/0x20
[   45.125790][ T4259]  should_fail_usercopy+0x1a/0x20
[   45.125866][ T4259]  _copy_from_user+0x1c/0xb0
[   45.125893][ T4259]  __sys_sendto+0x19e/0x330
[   45.126013][ T4259]  __x64_sys_sendto+0x76/0x90
[   45.126030][ T4259]  x64_sys_call+0x2d05/0x2ff0
[   45.126056][ T4259]  do_syscall_64+0xd2/0x200
[   45.126084][ T4259]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   45.126110][ T4259]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   45.126161][ T4259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.126179][ T4259] RIP: 0033:0x7f7420f3ebe9
[   45.126193][ T4259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.126255][ T4259] RSP: 002b:00007f741f99f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   45.126272][ T4259] RAX: ffffffffffffffda RBX: 00007f7421165fa0 RCX: 00007f7420f3ebe9
[   45.126284][ T4259] RDX: 0000000000000001 RSI: 00002000000002c0 RDI: 0000000000000006
[   45.126366][ T4259] RBP: 00007f741f99f090 R08: 0000200000000200 R09: 000000000000001c
[   45.126379][ T4259] R10: 0000000000000041 R11: 0000000000000246 R12: 0000000000000001
[   45.126390][ T4259] R13: 00007f7421166038 R14: 00007f7421165fa0 R15: 00007ffef1435608
[   45.126405][ T4259]  </TASK>
[   45.168760][ T4262] loop2: detected capacity change from 0 to 1024
[   45.313637][ T4254] EXT4-fs (loop1): 1 truncate cleaned up
[   45.347457][ T4262] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.360494][ T4254] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.381595][ T4262] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   45.409892][ T4254] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   45.423167][ T4266] netlink: 4 bytes leftover after parsing attributes in process `syz.0.245'.
[   45.458974][   T29] audit: type=1326 audit(1755876647.007:1800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4265 comm="syz.0.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7420f3ebe9 code=0x7ffc0000
[   45.482628][   T29] audit: type=1326 audit(1755876647.007:1801): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4265 comm="syz.0.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7420f3ebe9 code=0x7ffc0000
[   45.512691][   T29] audit: type=1326 audit(1755876647.057:1802): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4265 comm="syz.0.245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f7420f3d550 code=0x7ffc0000
[   45.514942][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.559492][ T3306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.618037][ T4273] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48 sclass=netlink_tcpdiag_socket pid=4273 comm=syz.1.246
[   45.738096][ T4287] syzkaller1: tun_chr_ioctl cmd 2147767506
[   45.796305][ T4291] loop3: detected capacity change from 0 to 1024
[   45.940068][ T4291] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4183: comm syz.3.252: Allocating blocks 497-513 which overlap fs metadata
[   46.043287][ T4293] loop1: detected capacity change from 0 to 512
[   46.050144][ T4293] EXT4-fs: Ignoring removed mblk_io_submit option
[   46.061238][ T4293] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   46.072021][ T4293] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   46.080198][ T4293] EXT4-fs (loop1): orphan cleanup on readonly fs
[   46.087170][ T4293] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.253: Invalid block bitmap block 0 in block_group 0
[   46.101025][ T4293] EXT4-fs (loop1): Remounting filesystem read-only
[   46.107791][ T4293] EXT4-fs (loop1): 1 orphan inode deleted
[   46.128314][ T4291] EXT4-fs (loop3): pa ffff88810765a620: logic 256, phys. 369, len 9
[   46.136490][ T4291] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   46.153501][ T4291] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   46.351405][ T4304] loop0: detected capacity change from 0 to 2048
[   46.376295][ T4304] EXT4-fs: Ignoring removed mblk_io_submit option
[   46.403300][ T4309] netlink: 'syz.3.256': attribute type 4 has an invalid length.
[   46.549095][ T4325] syzkaller0: entered promiscuous mode
[   46.554784][ T4325] syzkaller0: entered allmulticast mode
[   46.600057][ T4328] loop4: detected capacity change from 0 to 512
[   46.615947][ T4328] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   46.647931][ T4328] EXT4-fs (loop4): 1 truncate cleaned up
[   46.673474][ T4328] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   46.691153][ T4338] loop0: detected capacity change from 0 to 1024
[   46.704703][ T4336] loop2: detected capacity change from 0 to 128
[   46.714083][ T3390] usb usb6-port1: attempt power cycle
[   46.721315][ T4338] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.267: Allocating blocks 497-513 which overlap fs metadata
[   46.738050][ T4338] EXT4-fs (loop0): pa ffff8881075ff230: logic 256, phys. 369, len 9
[   46.746206][ T4338] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   46.773110][ T4344] loop4: detected capacity change from 0 to 1024
[   46.776891][ T4336] bio_check_eod: 131 callbacks suppressed
[   46.776911][ T4336] syz.2.266: attempt to access beyond end of device
[   46.776911][ T4336] loop2: rw=2049, sector=137, nr_sectors = 8 limit=128
[   46.783683][ T4338] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, 
[   46.785830][ T4336] syz.2.266: attempt to access beyond end of device
[   46.785830][ T4336] loop2: rw=2049, sector=153, nr_sectors = 8 limit=128
[   46.798935][ T4338] inode 18: block 129:
[   46.806660][ T4336] syz.2.266: attempt to access beyond end of device
[   46.806660][ T4336] loop2: rw=2049, sector=169, nr_sectors = 8 limit=128
[   46.820335][ T4338] freeing already freed block (bit 8); block bitmap corrupt.
[   46.824655][ T4336] syz.2.266: attempt to access beyond end of device
[   46.824655][ T4336] loop2: rw=2049, sector=185, nr_sectors = 8 limit=128
[   46.877073][ T4336] syz.2.266: attempt to access beyond end of device
[   46.877073][ T4336] loop2: rw=2049, sector=201, nr_sectors = 8 limit=128
[   46.892685][ T4336] syz.2.266: attempt to access beyond end of device
[   46.892685][ T4336] loop2: rw=2049, sector=217, nr_sectors = 8 limit=128
[   46.899400][ T4344] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   46.906989][ T4336] syz.2.266: attempt to access beyond end of device
[   46.906989][ T4336] loop2: rw=2049, sector=233, nr_sectors = 8 limit=128
[   46.934919][ T4336] syz.2.266: attempt to access beyond end of device
[   46.934919][ T4336] loop2: rw=2049, sector=249, nr_sectors = 8 limit=128
[   46.963233][ T4336] syz.2.266: attempt to access beyond end of device
[   46.963233][ T4336] loop2: rw=2049, sector=265, nr_sectors = 8 limit=128
[   46.978193][ T4336] syz.2.266: attempt to access beyond end of device
[   46.978193][ T4336] loop2: rw=2049, sector=281, nr_sectors = 8 limit=128
[   47.034834][ T4353] loop0: detected capacity change from 0 to 1024
[   47.085974][ T4353] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.269: Allocating blocks 497-513 which overlap fs metadata
[   47.101605][ T4353] EXT4-fs (loop0): pa ffff88810765a700: logic 256, phys. 369, len 9
[   47.110200][ T4353] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   47.122052][ T4353] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   47.175835][ T4363] __nla_validate_parse: 3 callbacks suppressed
[   47.175853][ T4363] netlink: 80 bytes leftover after parsing attributes in process `syz.0.272'.
[   47.254769][ T4364] loop4: detected capacity change from 0 to 512
[   47.261905][ T4364] EXT4-fs: Ignoring removed mblk_io_submit option
[   47.381854][ T4364] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   47.415796][ T4364] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   47.424075][ T4364] EXT4-fs (loop4): orphan cleanup on readonly fs
[   47.431838][ T4364] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.270: Invalid block bitmap block 0 in block_group 0
[   47.447597][ T4364] EXT4-fs (loop4): Remounting filesystem read-only
[   47.454500][ T4364] EXT4-fs (loop4): 1 orphan inode deleted
[   47.634387][ T4358] lo speed is unknown, defaulting to 1000
[   47.792936][ T4392] loop2: detected capacity change from 0 to 1024
[   47.814985][ T4392] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   47.928653][ T4400] loop4: detected capacity change from 0 to 512
[   47.938764][ T4400] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   47.955455][ T4400] EXT4-fs (loop4): 1 truncate cleaned up
[   47.969061][ T4400] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   47.984838][ T4406] netlink: 132 bytes leftover after parsing attributes in process `syz.0.285'.
[   48.150863][ T4433] loop0: detected capacity change from 0 to 512
[   48.158114][ T4433] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   48.169334][ T4433] EXT4-fs (loop0): 1 truncate cleaned up
[   48.180878][ T4433] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   48.189891][ T4437] loop4: detected capacity change from 0 to 1024
[   48.221452][ T4437] EXT4-fs error (device loop4): mb_free_blocks:2017: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   48.265676][ T4441] loop0: detected capacity change from 0 to 1024
[   48.290316][ T4441] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4183: comm syz.0.295: Allocating blocks 497-513 which overlap fs metadata
[   48.306132][ T4441] EXT4-fs (loop0): pa ffff8881075ff380: logic 256, phys. 369, len 9
[   48.314603][ T4441] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5434: group 0, free 0, pa_free 1
[   48.327914][ T4441] EXT4-fs error (device loop0): mb_free_blocks:2017: group 0, inode 18: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[   48.365909][ T4452] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48 sclass=netlink_tcpdiag_socket pid=4452 comm=syz.4.299
[   48.554367][ T4476] loop1: detected capacity change from 0 to 1024
[   48.562421][ T4476] EXT4-fs: Ignoring removed orlov option
[   48.580747][ T4478] џџџџџџ№рт{CaT: renamed from vlan1 (while UP)
[   48.664067][ T4480] loop4: detected capacity change from 0 to 512
[   48.671185][ T4480] EXT4-fs: Ignoring removed mblk_io_submit option
[   48.680667][ T4480] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[   48.775734][ T4480] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   48.784039][ T4480] EXT4-fs (loop4): orphan cleanup on readonly fs
[   48.790960][ T4480] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.305: Invalid block bitmap block 0 in block_group 0
[   48.806803][ T4480] EXT4-fs (loop4): Remounting filesystem read-only
[   48.813705][ T4480] EXT4-fs (loop4): 1 orphan inode deleted
[   49.041870][ T4475] lo speed is unknown, defaulting to 1000
[   49.098182][ T4483] loop1: detected capacity change from 0 to 1024
[   49.124461][ T4483] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   49.190269][ T4491] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48 sclass=netlink_tcpdiag_socket pid=4491 comm=syz.1.311
[   49.244030][ T3390] usb usb6-port1: unable to enumerate USB device
[   49.375682][ T4504] loop1: detected capacity change from 0 to 1024
[   49.393023][ T4504] EXT4-fs: Ignoring removed orlov option
[   49.541412][ T4517] loop3: detected capacity change from 0 to 1024
[   49.581973][ T4517] EXT4-fs error (device loop3): mb_free_blocks:2017: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[   49.682697][ T4526] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=48 sclass=netlink_tcpdiag_socket pid=4526 comm=syz.1.322
[   49.715483][ T4528] netlink: 4 bytes leftover after parsing attributes in process `syz.3.323'.
[   49.762325][ T4535] loop1: detected capacity change from 0 to 512
[   49.770222][ T4535] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   49.785763][ T4535] EXT4-fs (loop1): 1 truncate cleaned up
[   49.809219][ T4535] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[   49.837152][ T4536] loop3: detected capacity change from 0 to 512
[   49.844666][ T4536] ==================================================================
[   49.852868][ T4536] BUG: KCSAN: data-race in fsnotify_detach_mark / inotify_handle_inode_event
[   49.861834][ T4536] 
[   49.864263][ T4536] write to 0xffff8881253db7c4 of 4 bytes by task 3509 on cpu 1:
[   49.871903][ T4536]  fsnotify_detach_mark+0xba/0x160
[   49.877033][ T4536]  fsnotify_destroy_mark+0x70/0x150
[   49.882320][ T4536]  __se_sys_inotify_rm_watch+0xe8/0x170
[   49.887878][ T4536]  __x64_sys_inotify_rm_watch+0x31/0x40
[   49.893544][ T4536]  x64_sys_call+0x2e86/0x2ff0
[   49.898422][ T4536]  do_syscall_64+0xd2/0x200
[   49.902956][ T4536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.908861][ T4536] 
[   49.911198][ T4536] read to 0xffff8881253db7c4 of 4 bytes by task 4536 on cpu 0:
[   49.919091][ T4536]  inotify_handle_inode_event+0x34e/0x3d0
[   49.924855][ T4536]  fsnotify_handle_inode_event+0x1c0/0x220
[   49.930711][ T4536]  fsnotify+0x13c9/0x14b0
[   49.935137][ T4536]  __fsnotify_parent+0x2ed/0x330
[   49.940382][ T4536]  __fput+0x1de/0x650
[   49.944465][ T4536]  fput_close_sync+0x6e/0x120
[   49.949174][ T4536]  __x64_sys_close+0x56/0xf0
[   49.953946][ T4536]  x64_sys_call+0x2738/0x2ff0
[   49.958747][ T4536]  do_syscall_64+0xd2/0x200
[   49.963374][ T4536]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.969459][ T4536] 
[   49.971784][ T4536] value changed: 0x00000003 -> 0x00000000
[   49.977509][ T4536] 
[   49.979832][ T4536] Reported by Kernel Concurrency Sanitizer on:
[   49.986160][ T4536] CPU: 0 UID: 0 PID: 4536 Comm: syz.3.327 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   49.996165][ T4536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[   50.006509][ T4536] ==================================================================
[   50.018964][ T4536] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   50.030995][ T4536] EXT4-fs (loop3): 1 truncate cleaned up