last executing test programs:

1.963993517s ago: executing program 4 (id=439):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES64, @ANYRESHEX=r0, @ANYRESOCT=r0], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x20000000000000bb, &(0x7f00000006c0)=ANY=[@ANYRES8=r0], &(0x7f0000000540)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xd}}, 0x6}, 0x1c)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
fcntl$dupfd(r3, 0x0, r3)
sendmmsg(r3, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="b3", 0x1}], 0x1}}], 0x1, 0x4015)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000080)={[{@bsdgroups}]}, 0xfc, 0x574, &(0x7f0000001980)="$eJzs3c9rHFUcAPDvbJI2/aFJoRT1IIEerNRumsQfFTzUk4gWC3qvS7INJZtuyW5KEwu2B3vxIkUQsSB69+6x+A/4VxS0UKQEPXiJzGY2XZPZNNlumm3384Fp35uZzZvvvvm+fbOzywbQt8bSfwoRL0fEN0nESMu2wcg2jq3tt/Lw+nS6JLG6+ulfSSTZuub+Sfb/oazyUkT89lXEycLmdmtLy3OlSqW8kNXH6/NXxmtLy6cuzZdmy7Ply5NTU2fempp89523uxbr6+f/+f6Tux+e+fr4yne/3D9yO4mzcTjb1hrHE7jRWhmLsew5GYqzG3ac6EJjvSTZ6wOgIwNZng9FOgaMxECW9blWR57moQG77Ms0rYE+lch/6FPNeUDz2r5L18HPjAfvr10AbY5/cO29kRhuXBsdXEn+d2WUXu+OdqH9tI1f/7xzO12i3fsQ+7vQEMAGN25GxOnBwc3jX5KNf507vY19NrbRb68/sJfupvOfN/LmP4X1+U/kzH8O5eRuJx6f/4X7XWimrXT+917u/Hf9ptXoQFZ7oTHnG0ouXqqU07HtxYg4EUP70/pERHyQfxPk88LKvdV27bfO/9Ilbb85F8yO4/7ghvnfTKleevLI1zy4GfFK7vw3We//JKf/0+fj/DbbOFa+82q7bY+Pf3et/hTxWm7/P+rMZOv7k+ON82G8eVZs9vetY7+3a3+v40/7/+DW8Y8mrfdraztv48fhf8vttnV6/u9LPmuU92XrrpXq9YWJiH3Jx5vXTz56bLPe3D+N/8Txrce/vPP/QJrY24z/1tFbrbsO7yz+3ZXGP7Oj/t954d5HX/zQrv3t9f+bjdKJbM12xr/tHuCTPHcAAAAAAADQawoRcTiSQnG9XCgUi2uf7zgaBwuVaq1+8mJ18fJMNL4rOxpDhead7pGWz0NMZJ+HbdYnN9SnIuJIRHw7cKBRL05XKzN7HTwAAAAAAAAAAAAAAAAAAAD0iEMRw3nf/0/9MZD/mDargWfRFj/5DTzn2ud/tqUbv/QE9CSv/9C/5D/0L/kP/Uv+Q/+S/9C/5D/0L/kP/Wsn+f/zuV08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+nD93Ll1WVx5en07rM1eXFueqV0/NlGtzxfnF6eJ0deFKcbZana2Ui9PV+cf9vUq1emViMhavjdfLtfp4bWn5wnx18XL9wqX50mz5QnnoqUQFAAAAAAAAAAAAAAAAAAAAz5ba0vJcqVIpLygodFQY7I3D6MFCoTcOo8PCXo9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDIfwEAAP//wGE62g==")
r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0)
write$UHID_INPUT(r4, &(0x7f0000001680)={0x8, {"250cdf697acb4f0605d5043e74bfab6dd6791417c1a43c66aba7ceedeec78b57bc7f7b05ead024e54726eede5ecb73353ef74348a32b5afe16dad00068ff38d4811272802fd37ecc096eb6a2927af806b2ea70ae521ea63114461bfd55c46e1d4d6b8b80a72f7b6599774a45c2400fca7557da82a37f937ac786ce43641a60f3420b06484795af35e877c3b5dcbb14e5e8753b8c825c0a95ffe0f6fd898fe3c05a4fe0161c2704647c93edacbbe05d18c800ecdd17d613a697875ec5c25260c574fe7601b5343c7c960ec7bcc87e70647b11938b78fa3a9f379e7adc340c6b46182659c6eec10ed0fe94d687c5ba9d9c7a7f3ae65f1e987f4884a4dc67fbf0834896025823b9031037c0c7d6b7d52cd78c66432b5c30b56ce2159ced612a5557d17c94fd39081f5da362d93f9b153c1dfd924a5f06f72a690ec00ace5ba2a86a22adebf45ab6e9a7c32f7d62008cd5a74e53d8da35491e9f798449d2333c5ab64ae33c1677aec53eb0fd7fea9a4cb9e123f9c1c07eb709666e7b1d458e58b53f8ea694818fdbcaea6f4e017329a287f1234b90a039d3da8fcba36938ad4b838ea98bcd273f12d19fabe7ae423f750b3216562cd4fad38ecb4962ad39b6dd4c5d82594a859f8d12053ceb2c9913702a6f9335346bff816b8de0fbdb05af0026e24acc2cd4c27a8bec965453238f1eaa4d796ba9346e1de72235a33fb3d1171a0bb37ec03564562b700d3bd7ae0efd52c08b47151ddbd5da50e7dfdf18d5338222ee586d9d305033e7975edfb55ec8acf2f60c5148c6c0557356233dd1f3877b314e5adb504970bce1b1f2c73c4bcaeeddd50ef1fbb42dbd52a5845023747dc2bd92dfa9312f5ffbfebbb31570e57fea6db225a375609efeab91a39d518c5c597b11018df436d1ef38ade9dae1c4404f6a736276080496cbc073b7a0e3fd8145fbb3a65136781a392045e644e5e6c6e40306ad92599ea2d7d4037538284393a86f7ac6a7c2b55cdbee04a367da8c0b2f91b473646c7a997d7c01aeb75305a3b1b8c0c4e50e588659af31cd108acd8d52ddb272df059c5a81c55c738264b6234ffa932f30e20c9f5bd70b77fcc3f76b0199016fc2c7bf0149cb521752715faf9ba8ab0d28498109e89d19ba90dcb64f0fb62f5a9f85c3891722a9a52fde49344f72ac94a9ccc701a7b491efa385559764e22c3edd23e64bc9df9ab403fefc13a0a6b202e57d61f75919835af13339116b24e8e7367baec45c3506db11b9d3bfbe8583ee42a108abfd04a3bb0dac11972bb51eba6bb0a122c649ee97919d1041a350f64909c45cdc70010a92571a67465479380e5c9c19b430b0cf0b24f5e265b17f4fbf8eb5525f62558b0ddca7a360d936c72f05356949de6bcacf8dd7288e7f58343c6588b80b3ab650db3e82f76fdc5e0344528f9a25ad99c1026cbb717bcf9152bea4f65cc92e7c99ea3fcbc7635c06d7e08cb33c56256ac41d7d39ae2405140a2cde55fcf46d484cbda5326d3ab44aa8d1ef7216aeddaa18a4a727310a739fd5daa719f06dbd853f90c8658188e7208ac6a05d4a88360b0bbd5fb0c12d4673df7fff696bfc69a5b475056a80715bda8616d90a2873c766bb335a7d558567cce1abf393e6906f817fb2b592d43708625d1f5428e18c00348dc9790ffa0ab5215e03773bb6d4dd67ff1f785ee844bdf21a2f16865bb5cb982a04e658e2408bfb15b3ec64e47b0a74cdd264a4f334ef53500bf3f9295e6804fcdcea3755233c0758818c55a4b0521777f8f2baab456a1f84ccae6ef1bf3b043d6b8f04547acaa9d346f37f06e85282567fd63fe5174398339d32f2d212825f6fd2d6cc7fa3421017452a0e2bf80945ddb6ba876f9858ef79706ef70311aad51ef2750f8ee048f96f5d0f77282e74b583e72511b4e04473723219f9c2f57e89d1837b4fbba9adfca55f42830880571cc2c648e2a146bf6ab4c7bbbc06e7649a7884eb4992c9f364c2242f949b052916767262b41cda49f0e3035498c3c5d9a4d0f25e4a3ba0fe090912b143cc67e298996ff6b8ed1ef000ea3d9e2b3eb5d0f107a5d17a4465a6b44b33b270788eefdc034fecce8f5eee4f574abac7769d4ec932535653e7953d9a5155afaf06d570002fb2faa4a305c55ecda17023e741c194bac7ef3bc470a1468f86d640c50b278259b6a39e60f1947fda8415fea3fbcbb834d6cf95cd9a69a3fa89293fcf79b6e239a59a06d2b50c8cee830ff99c022098c436ebf6ecf751642930c14a35860919b17df5b9611d7a6ea7091f11e4e4a0f0851539e3b6aa3c0ea1efcb04388ebce2e5d75b5cdc6ee503220f246000422e0700000000000000b3d7fd14796238559e4fc32dbd3905e0a1426d3dd33cc336338915473d5c35cbb6ae6943e5612947628cf17c25ea98ea8640151e6ea37c290fde0c4f75b75689ed698ff213312993ac31440f51ec9f3f2ccb253edbe33ff4ab105dcc4153f62ad0fb4bdea058e51ece7ce8e52a8af0f79abaa57e903c0609fdc9a8c1f4af5926236245dd26f7c5a8c0b33326d77f8262bc76a60c070091a45287400e85deececa933c6e9fa7aad6f998b987bc3cabdeebaaeee82529e387db3be24ddef2a0ebc640d7ad8b3aaee1a9890b6f1963b5616d530d79fb20a718b468541814a342cc64eb49b8825fa3667f7705b541efbf94370abd3e29e17bbee2cb4bca3dbff1f7efd494c1e4f580a870c33dc5e400d19e6bc2446f5178b0d0e7391c4d2bb9d81ff50fe51e46602b078ba1baf27fc1da1a93de8c86306dbe0b218e6074037cf98958fe6839826eefa99ecd627eff1bc77c13eb5254cf9fb95c40c311d8da11bdf040250fabad9e00d556b1d7312e91c9de60ed450e4a166318aefc0da3221cb89fa01ac6be84af81f9ea26dbf61af12a059116100711bdcc8b6b06585ad6a3c2636aeef281684c0e66ea7a1730e9de4cc3c44f3ed8e5f98c977a2ece1ec625807573f105d9e88280f38ad65b9c981f5ef6d8a057e9ec0f46b83d5607ff2b506dd9da65c071865bd32f4e4fc28dfe23bc8aca0d3ca992b21c6ef9bcd3ff022b9649c3dfad513b117cd9e27d14fc376900bab6d815846ba5279a34b421fd24b385e7d10ede5912b9e9427bff1877d34d818efa6591d63c84aa2a1fed05493dda75aaf4a2cb4cc9b9598c298f042641da6b49cb89f0ae499681d77bbc3a79bb0e8ff2b983bc99eaf32503413cf5edac6a7fb80476f8dcef69d1741df8065b06f1fe7539578183645caad9416e03d001dbab6103a16cad98bc7212e7dafbd3519059c8dc3a15414a2456f75e8f474d6990a7c5202d42e04fac3b5917e056eb562930f9d388fd18ee645b797f38bd10c765250a111e48eeeda8f310d025526ad78da1c13cfd0e3a595859d2b3708875672376999134c68390ff662847b240aaebdce2772df67bcc414d9905f7a344803bbdfa71f4b36b77a5de995805d4caf3fee844d70b9e8590bf1a86c12330233b50ea24f34ade88d989c9c29daac0173d1b1619f66a442e1435effb19a115925738ed7eaca5b1e0f53e35783c47755941d633c24b2e505bd5a3da4f02aab9821e8a8cacfbc4fdf31e129bc40c4c5d7a2197848a64b7f9854f3d0a715d15d8fa862cd10c8243c5ddb1e11257dc67b1d2174cfb55046f6beaff1c886600d05a49faef290c7da43e9ed4d10370a7ba6068116f2780f7fa3fd8e08e4081920aff11857d1ff7a1d71887373f418cfa658cebdf2d7ff4c514e7ccdd8e7f92ed47bc2b7d6c018342d74d041ff815e3b4d91bcb5f193986e18893c63edf9f5640925ef33a8928a0b6c65ccf51b5cdd51334b5b20ab5cc237e72fa9ca0550c22142e516153035def2d87637861aff5c2c4172b3f5e9bceb3ff690b500f256ce900ed6d4e0550d7a0e40396edb0d6424ee4d67514a482cf37428c43131c06ab1f5ab95c6180aad6fe892333d4b77acb6473c6dca6b6d200747dfaa35705c7fbee300b54c54d7f290384da59dfc1d3e734814a2b122850928c01251f12977b3a9e715b7bd823f1b845108e501a24859e6fe1cd1ad405097f1bb5f160c879c80606b1d4a05e048bdedf956ee31cb85a5fc4af9a114a18776b8530f968abeb93ea2ade58695cedbad8d0f87671956599f0828ab8438f7d0db5ca6f8cec8e5e344f0d3244105924ffc10eb70ecb7405eb0ae86e20f94a4963ca12743fb375bdc61137545be1c6897feac6349ccbd98a59482cf23980cc48e0b51f1c2a859dd1c9f9d886349f90a672026845342f9ee0fe8b8520c33e1839d2435eceda7f632efe7f5836981b0540527d412bf544159e4a9003252f74506078ffadfa17b8d483c2018c87b3ea07f790f6f3cf5c737cd0df8a9989001281e063991f7dc8f86e05b1cf00d596ec725b05df3f21c3060440dce376d5e6a4bdae57c4036360da35bdfed4910a9b4f295e91a66ae0b3f47eeb159c02531f4ed1f5991643979ef43259c2cbbcea78849776f983edd8f6c71a9d0debb692803a80a9e91fdd30646160a1ee000162e5024e6ea60a337e9e1bc16f51a4f6b7a2ac31c84c80c8f8e6d7bbf2567cacf36d427eb7595b6bf99cb6eab4ff430bacd137c0f3f974afdb2c699967f9fc2574ae64fe284a63f7f6693e9585e7adbea191fffeb9eff8f3e0e8fa6e6e7054dc178fb678916272fa152ba9d118fea3828cfc5a25cb0c85fbb41681f46aaa6cb4317680d753be582d355d902a748994c5a3b2e338a3c654f65ccaa89b86e65e27e2b8047d1314b6b94447f0b3e75aab80f52a3d11cb74d6221afbec4e203258356875464d26a74591b079635857d732060b6f061465840b0a46d6f3dc1da7d49c511e9c9b1de16ec60640f75cf7059abcf809759512f8196e95c7ac6d020e585e72522e305b907e95f6405de1ce7db90747edb1c024ef569599655866cb67f0b0cda72c2627ec039006421b2c4704b76af622de9c656238a27e9f2a1164163e258bccda6d265cc1df23688c86edb83de1fbee14d384d2f78cd9d4f4eff2c1fb24fe8aeea002ac5d00597968c30d10c9ffdc5b84f729c89157972a3427de7eb2d395a5c2ca987ff01c4db2c75eedb242d9b818cd7447bafb61e46e522b0a435399bab62eaa3a8c699d812dc2d96ec4fe87fa2606d3479277e5a7b3a0374c026ffbe3726b69171f8a746caaff016da482b8be58234054df7bc963c205fb0c41ef39a6f262c570e8f0ebd9c1707cdc3039c50fea2e1a64065f6477c551cce3d387f5c2d748a75828fc5a3b894e7243b6bbf6b63655919125d63c94dae1588d1da71798ee48a274295e31ab2577bb761a49e649e3eac3b52c1e6d52d20f05a4cbac2e548a10b7833c7cc5a06a45bc91ae96e80e9b9a1ad197cd63bd2379ff6beff6ac880611836190a456de8ecbac82af03b3617f43e796ea584f66d6265c204f8f815937c77e83e0b35656ea35d0f9164fb6dd0a45ade6f219680649e83c0d52b07b142c00b3dd76507159922d03ccfa321d79a3aa0f8334fac81dd5f9da69153d9fea7d202bfef16390d27b462d2396282af8697e2f8fa903f51ec95f2087fe7be667067558ade4f9e0530897a9adff8a930ffbf8cf902d6b8329826d07632a581c7d1457412f1abfa3bc788939279f647d100fe9141c3e4b174627c77eb4abfc247c0c738c38d6c796b5f823493fbf23b286af02ae268f23a518af0195535ab69af4e68f08b513e214ae4a2ef60b3f88a427da1f33afac9b129d4cc757caea0d194a3ccbf5bb500", 0x1000}}, 0x1006)
creat(&(0x7f0000000000)='./file1\x00', 0x63)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x38, 0x1, 0x0, 0x0, 0x0, 0x7, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, @perf_bp={0x0}, 0x10024, 0x10000, 0x1, 0x1, 0xa, 0x20005, 0x2b, 0x0, 0x0, 0x0, 0xffffffffffffff7d}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000850000000800000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000005c0)='sys_enter\x00', r5}, 0x10)
process_mrelease(0xffffffffffffffff, 0x0)

1.656715062s ago: executing program 3 (id=442):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0x9, 0x8, 0xb, 0xfb, 0x0, 0x3c, 0x704e, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x18842, 0x0, 0x7fffffff, 0x7, 0x9, 0x3, 0x7, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
perf_event_open$cgroup(&(0x7f0000000e40)={0x5, 0x80, 0x8, 0x7, 0x81, 0x75, 0x0, 0x4, 0x40400, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3ff, 0x2, @perf_config_ext={0x2, 0x2}, 0x0, 0x7, 0x80000000, 0x1, 0x401, 0x3, 0x8, 0x0, 0x8000006, 0x0, 0x8}, 0xffffffffffffffff, 0x0, r1, 0xa)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, &(0x7f0000000600))
r2 = creat(0x0, 0x0)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$tun(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="000401040900006201"], 0x32)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff73}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r5, 0x0, 0x4}, 0x18)
socket$kcm(0x11, 0xa, 0x300)
socket$kcm(0x2, 0xa, 0x2)
socket$kcm(0x2, 0xa, 0x73)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18)

1.607771163s ago: executing program 0 (id=446):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
fcntl$lock(r0, 0x25, &(0x7f0000000000)={0x2, 0x0, 0xffffffff, 0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x100)
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, {0x10, 0xb}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)

1.541079474s ago: executing program 4 (id=447):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r2)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="0102feff1015054fdf601a6c75f02136570000804ca86f192a7f8f59c1cd0262089f30de7fdf2ceb33f37e9bd9a96dee83c5c2"], 0x14}, 0x8, 0x3000000000002}, 0x844)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000440)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @broadcast}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008000}, 0x40800)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x3, 0x13, &(0x7f00000009c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd07e}, [@printk={@p, {0x3, 0x2, 0x3, 0xa, 0x0}, {0x5}, {}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, @printk={@p, {0x3, 0x3, 0x6}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfffffff9}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a9ae583e37d4bfe4830315964d2a3f97b40ffffffff400000000c3e835e53fb756f2c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000015000380100000800c0001800500010051000000140000001100010000000000000000000100000aa6e2fa4d960de7a074ba16fcafe0656fa23607ab6ec0617ce4dba24bb57a7d9f51"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000480), r5)
getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000100)=0x7)

1.524459914s ago: executing program 0 (id=448):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10)
process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r6}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=@newtaction={0x90, 0x30, 0xb, 0x0, 0x0, {}, [{0x7c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80006}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x90}}, 0x0)
unshare(0x42000000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01010000000000000000010000000900030073797a3100000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x40)

1.473225815s ago: executing program 3 (id=449):
mq_open(0x0, 0x42, 0x0, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0)
recvmmsg(r1, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}, 0x401}, {{0x0, 0x0, 0x0}, 0x400}], 0x2, 0x1, 0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0)
socket$inet6(0xa, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x80000)

1.452600535s ago: executing program 1 (id=450):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mlockall(0x6)

1.452097215s ago: executing program 1 (id=451):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000000400000099000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)

1.407357916s ago: executing program 4 (id=452):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x11, 0xf, &(0x7f0000000c00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)

1.392182647s ago: executing program 4 (id=454):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=@newsa={0xf8, 0x10, 0x7, 0x0, 0x0, {{@in6=@mcast2, @in=@multicast2, 0x4e20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xee00}, {@in6=@mcast1, 0x0, 0x2b}, @in6=@private0, {0x0, 0x0, 0x2, 0x0, 0x10000000}, {0x0, 0x200000, 0x7}, {0x0, 0x0, 0xae8}, 0x0, 0x0, 0xa, 0x2, 0x0, 0x70}, [@tfcpad={0x8, 0x16, 0x6}]}, 0xf8}}, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000009900000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)

1.311140978s ago: executing program 0 (id=457):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='mm_page_alloc\x00', r0, 0x0, 0x9}, 0x18)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000800000000000061"], 0x0, 0x28}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@alu]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, r1, 0x8, 0x0, 0x0, 0x14, 0x0, 0xff3d}, 0x80)

1.293308558s ago: executing program 0 (id=458):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0))
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYRES64, @ANYRESHEX=r0, @ANYRESOCT=r0], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0x20000000000000bb, &(0x7f00000006c0)=ANY=[@ANYRES8=r0], &(0x7f0000000540)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r2}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000240)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xd}}, 0x6}, 0x1c)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c)
fcntl$dupfd(r3, 0x0, r3)
sendmmsg(r3, &(0x7f00000028c0)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000100)="b3", 0x1}], 0x1}}], 0x1, 0x4015)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000080)={[{@bsdgroups}]}, 0xfc, 0x574, &(0x7f0000001980)="$eJzs3c9rHFUcAPDvbJI2/aFJoRT1IIEerNRumsQfFTzUk4gWC3qvS7INJZtuyW5KEwu2B3vxIkUQsSB69+6x+A/4VxS0UKQEPXiJzGY2XZPZNNlumm3384Fp35uZzZvvvvm+fbOzywbQt8bSfwoRL0fEN0nESMu2wcg2jq3tt/Lw+nS6JLG6+ulfSSTZuub+Sfb/oazyUkT89lXEycLmdmtLy3OlSqW8kNXH6/NXxmtLy6cuzZdmy7Ply5NTU2fempp89523uxbr6+f/+f6Tux+e+fr4yne/3D9yO4mzcTjb1hrHE7jRWhmLsew5GYqzG3ac6EJjvSTZ6wOgIwNZng9FOgaMxECW9blWR57moQG77Ms0rYE+lch/6FPNeUDz2r5L18HPjAfvr10AbY5/cO29kRhuXBsdXEn+d2WUXu+OdqH9tI1f/7xzO12i3fsQ+7vQEMAGN25GxOnBwc3jX5KNf507vY19NrbRb68/sJfupvOfN/LmP4X1+U/kzH8O5eRuJx6f/4X7XWimrXT+917u/Hf9ptXoQFZ7oTHnG0ouXqqU07HtxYg4EUP70/pERHyQfxPk88LKvdV27bfO/9Ilbb85F8yO4/7ghvnfTKleevLI1zy4GfFK7vw3We//JKf/0+fj/DbbOFa+82q7bY+Pf3et/hTxWm7/P+rMZOv7k+ON82G8eVZs9vetY7+3a3+v40/7/+DW8Y8mrfdraztv48fhf8vttnV6/u9LPmuU92XrrpXq9YWJiH3Jx5vXTz56bLPe3D+N/8Txrce/vPP/QJrY24z/1tFbrbsO7yz+3ZXGP7Oj/t954d5HX/zQrv3t9f+bjdKJbM12xr/tHuCTPHcAAAAAAADQawoRcTiSQnG9XCgUi2uf7zgaBwuVaq1+8mJ18fJMNL4rOxpDhead7pGWz0NMZJ+HbdYnN9SnIuJIRHw7cKBRL05XKzN7HTwAAAAAAAAAAAAAAAAAAAD0iEMRw3nf/0/9MZD/mDargWfRFj/5DTzn2ud/tqUbv/QE9CSv/9C/5D/0L/kP/Uv+Q/+S/9C/5D/0L/kP/Wsn+f/zuV08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+nD93Ll1WVx5en07rM1eXFueqV0/NlGtzxfnF6eJ0deFKcbZana2Ui9PV+cf9vUq1emViMhavjdfLtfp4bWn5wnx18XL9wqX50mz5QnnoqUQFAAAAAAAAAAAAAAAAAAAAz5ba0vJcqVIpLygodFQY7I3D6MFCoTcOo8PCXo9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDIfwEAAP//wGE62g==")
r4 = creat(&(0x7f0000000140)='./file1\x00', 0x0)
write$UHID_INPUT(r4, &(0x7f0000001680)={0x8, {"250cdf697acb4f0605d5043e74bfab6dd6791417c1a43c66aba7ceedeec78b57bc7f7b05ead024e54726eede5ecb73353ef74348a32b5afe16dad00068ff38d4811272802fd37ecc096eb6a2927af806b2ea70ae521ea63114461bfd55c46e1d4d6b8b80a72f7b6599774a45c2400fca7557da82a37f937ac786ce43641a60f3420b06484795af35e877c3b5dcbb14e5e8753b8c825c0a95ffe0f6fd898fe3c05a4fe0161c2704647c93edacbbe05d18c800ecdd17d613a697875ec5c25260c574fe7601b5343c7c960ec7bcc87e70647b11938b78fa3a9f379e7adc340c6b46182659c6eec10ed0fe94d687c5ba9d9c7a7f3ae65f1e987f4884a4dc67fbf0834896025823b9031037c0c7d6b7d52cd78c66432b5c30b56ce2159ced612a5557d17c94fd39081f5da362d93f9b153c1dfd924a5f06f72a690ec00ace5ba2a86a22adebf45ab6e9a7c32f7d62008cd5a74e53d8da35491e9f798449d2333c5ab64ae33c1677aec53eb0fd7fea9a4cb9e123f9c1c07eb709666e7b1d458e58b53f8ea694818fdbcaea6f4e017329a287f1234b90a039d3da8fcba36938ad4b838ea98bcd273f12d19fabe7ae423f750b3216562cd4fad38ecb4962ad39b6dd4c5d82594a859f8d12053ceb2c9913702a6f9335346bff816b8de0fbdb05af0026e24acc2cd4c27a8bec965453238f1eaa4d796ba9346e1de72235a33fb3d1171a0bb37ec03564562b700d3bd7ae0efd52c08b47151ddbd5da50e7dfdf18d5338222ee586d9d305033e7975edfb55ec8acf2f60c5148c6c0557356233dd1f3877b314e5adb504970bce1b1f2c73c4bcaeeddd50ef1fbb42dbd52a5845023747dc2bd92dfa9312f5ffbfebbb31570e57fea6db225a375609efeab91a39d518c5c597b11018df436d1ef38ade9dae1c4404f6a736276080496cbc073b7a0e3fd8145fbb3a65136781a392045e644e5e6c6e40306ad92599ea2d7d4037538284393a86f7ac6a7c2b55cdbee04a367da8c0b2f91b473646c7a997d7c01aeb75305a3b1b8c0c4e50e588659af31cd108acd8d52ddb272df059c5a81c55c738264b6234ffa932f30e20c9f5bd70b77fcc3f76b0199016fc2c7bf0149cb521752715faf9ba8ab0d28498109e89d19ba90dcb64f0fb62f5a9f85c3891722a9a52fde49344f72ac94a9ccc701a7b491efa385559764e22c3edd23e64bc9df9ab403fefc13a0a6b202e57d61f75919835af13339116b24e8e7367baec45c3506db11b9d3bfbe8583ee42a108abfd04a3bb0dac11972bb51eba6bb0a122c649ee97919d1041a350f64909c45cdc70010a92571a67465479380e5c9c19b430b0cf0b24f5e265b17f4fbf8eb5525f62558b0ddca7a360d936c72f05356949de6bcacf8dd7288e7f58343c6588b80b3ab650db3e82f76fdc5e0344528f9a25ad99c1026cbb717bcf9152bea4f65cc92e7c99ea3fcbc7635c06d7e08cb33c56256ac41d7d39ae2405140a2cde55fcf46d484cbda5326d3ab44aa8d1ef7216aeddaa18a4a727310a739fd5daa719f06dbd853f90c8658188e7208ac6a05d4a88360b0bbd5fb0c12d4673df7fff696bfc69a5b475056a80715bda8616d90a2873c766bb335a7d558567cce1abf393e6906f817fb2b592d43708625d1f5428e18c00348dc9790ffa0ab5215e03773bb6d4dd67ff1f785ee844bdf21a2f16865bb5cb982a04e658e2408bfb15b3ec64e47b0a74cdd264a4f334ef53500bf3f9295e6804fcdcea3755233c0758818c55a4b0521777f8f2baab456a1f84ccae6ef1bf3b043d6b8f04547acaa9d346f37f06e85282567fd63fe5174398339d32f2d212825f6fd2d6cc7fa3421017452a0e2bf80945ddb6ba876f9858ef79706ef70311aad51ef2750f8ee048f96f5d0f77282e74b583e72511b4e04473723219f9c2f57e89d1837b4fbba9adfca55f42830880571cc2c648e2a146bf6ab4c7bbbc06e7649a7884eb4992c9f364c2242f949b052916767262b41cda49f0e3035498c3c5d9a4d0f25e4a3ba0fe090912b143cc67e298996ff6b8ed1ef000ea3d9e2b3eb5d0f107a5d17a4465a6b44b33b270788eefdc034fecce8f5eee4f574abac7769d4ec932535653e7953d9a5155afaf06d570002fb2faa4a305c55ecda17023e741c194bac7ef3bc470a1468f86d640c50b278259b6a39e60f1947fda8415fea3fbcbb834d6cf95cd9a69a3fa89293fcf79b6e239a59a06d2b50c8cee830ff99c022098c436ebf6ecf751642930c14a35860919b17df5b9611d7a6ea7091f11e4e4a0f0851539e3b6aa3c0ea1efcb04388ebce2e5d75b5cdc6ee503220f246000422e0700000000000000b3d7fd14796238559e4fc32dbd3905e0a1426d3dd33cc336338915473d5c35cbb6ae6943e5612947628cf17c25ea98ea8640151e6ea37c290fde0c4f75b75689ed698ff213312993ac31440f51ec9f3f2ccb253edbe33ff4ab105dcc4153f62ad0fb4bdea058e51ece7ce8e52a8af0f79abaa57e903c0609fdc9a8c1f4af5926236245dd26f7c5a8c0b33326d77f8262bc76a60c070091a45287400e85deececa933c6e9fa7aad6f998b987bc3cabdeebaaeee82529e387db3be24ddef2a0ebc640d7ad8b3aaee1a9890b6f1963b5616d530d79fb20a718b468541814a342cc64eb49b8825fa3667f7705b541efbf94370abd3e29e17bbee2cb4bca3dbff1f7efd494c1e4f580a870c33dc5e400d19e6bc2446f5178b0d0e7391c4d2bb9d81ff50fe51e46602b078ba1baf27fc1da1a93de8c86306dbe0b218e6074037cf98958fe6839826eefa99ecd627eff1bc77c13eb5254cf9fb95c40c311d8da11bdf040250fabad9e00d556b1d7312e91c9de60ed450e4a166318aefc0da3221cb89fa01ac6be84af81f9ea26dbf61af12a059116100711bdcc8b6b06585ad6a3c2636aeef281684c0e66ea7a1730e9de4cc3c44f3ed8e5f98c977a2ece1ec625807573f105d9e88280f38ad65b9c981f5ef6d8a057e9ec0f46b83d5607ff2b506dd9da65c071865bd32f4e4fc28dfe23bc8aca0d3ca992b21c6ef9bcd3ff022b9649c3dfad513b117cd9e27d14fc376900bab6d815846ba5279a34b421fd24b385e7d10ede5912b9e9427bff1877d34d818efa6591d63c84aa2a1fed05493dda75aaf4a2cb4cc9b9598c298f042641da6b49cb89f0ae499681d77bbc3a79bb0e8ff2b983bc99eaf32503413cf5edac6a7fb80476f8dcef69d1741df8065b06f1fe7539578183645caad9416e03d001dbab6103a16cad98bc7212e7dafbd3519059c8dc3a15414a2456f75e8f474d6990a7c5202d42e04fac3b5917e056eb562930f9d388fd18ee645b797f38bd10c765250a111e48eeeda8f310d025526ad78da1c13cfd0e3a595859d2b3708875672376999134c68390ff662847b240aaebdce2772df67bcc414d9905f7a344803bbdfa71f4b36b77a5de995805d4caf3fee844d70b9e8590bf1a86c12330233b50ea24f34ade88d989c9c29daac0173d1b1619f66a442e1435effb19a115925738ed7eaca5b1e0f53e35783c47755941d633c24b2e505bd5a3da4f02aab9821e8a8cacfbc4fdf31e129bc40c4c5d7a2197848a64b7f9854f3d0a715d15d8fa862cd10c8243c5ddb1e11257dc67b1d2174cfb55046f6beaff1c886600d05a49faef290c7da43e9ed4d10370a7ba6068116f2780f7fa3fd8e08e4081920aff11857d1ff7a1d71887373f418cfa658cebdf2d7ff4c514e7ccdd8e7f92ed47bc2b7d6c018342d74d041ff815e3b4d91bcb5f193986e18893c63edf9f5640925ef33a8928a0b6c65ccf51b5cdd51334b5b20ab5cc237e72fa9ca0550c22142e516153035def2d87637861aff5c2c4172b3f5e9bceb3ff690b500f256ce900ed6d4e0550d7a0e40396edb0d6424ee4d67514a482cf37428c43131c06ab1f5ab95c6180aad6fe892333d4b77acb6473c6dca6b6d200747dfaa35705c7fbee300b54c54d7f290384da59dfc1d3e734814a2b122850928c01251f12977b3a9e715b7bd823f1b845108e501a24859e6fe1cd1ad405097f1bb5f160c879c80606b1d4a05e048bdedf956ee31cb85a5fc4af9a114a18776b8530f968abeb93ea2ade58695cedbad8d0f87671956599f0828ab8438f7d0db5ca6f8cec8e5e344f0d3244105924ffc10eb70ecb7405eb0ae86e20f94a4963ca12743fb375bdc61137545be1c6897feac6349ccbd98a59482cf23980cc48e0b51f1c2a859dd1c9f9d886349f90a672026845342f9ee0fe8b8520c33e1839d2435eceda7f632efe7f5836981b0540527d412bf544159e4a9003252f74506078ffadfa17b8d483c2018c87b3ea07f790f6f3cf5c737cd0df8a9989001281e063991f7dc8f86e05b1cf00d596ec725b05df3f21c3060440dce376d5e6a4bdae57c4036360da35bdfed4910a9b4f295e91a66ae0b3f47eeb159c02531f4ed1f5991643979ef43259c2cbbcea78849776f983edd8f6c71a9d0debb692803a80a9e91fdd30646160a1ee000162e5024e6ea60a337e9e1bc16f51a4f6b7a2ac31c84c80c8f8e6d7bbf2567cacf36d427eb7595b6bf99cb6eab4ff430bacd137c0f3f974afdb2c699967f9fc2574ae64fe284a63f7f6693e9585e7adbea191fffeb9eff8f3e0e8fa6e6e7054dc178fb678916272fa152ba9d118fea3828cfc5a25cb0c85fbb41681f46aaa6cb4317680d753be582d355d902a748994c5a3b2e338a3c654f65ccaa89b86e65e27e2b8047d1314b6b94447f0b3e75aab80f52a3d11cb74d6221afbec4e203258356875464d26a74591b079635857d732060b6f061465840b0a46d6f3dc1da7d49c511e9c9b1de16ec60640f75cf7059abcf809759512f8196e95c7ac6d020e585e72522e305b907e95f6405de1ce7db90747edb1c024ef569599655866cb67f0b0cda72c2627ec039006421b2c4704b76af622de9c656238a27e9f2a1164163e258bccda6d265cc1df23688c86edb83de1fbee14d384d2f78cd9d4f4eff2c1fb24fe8aeea002ac5d00597968c30d10c9ffdc5b84f729c89157972a3427de7eb2d395a5c2ca987ff01c4db2c75eedb242d9b818cd7447bafb61e46e522b0a435399bab62eaa3a8c699d812dc2d96ec4fe87fa2606d3479277e5a7b3a0374c026ffbe3726b69171f8a746caaff016da482b8be58234054df7bc963c205fb0c41ef39a6f262c570e8f0ebd9c1707cdc3039c50fea2e1a64065f6477c551cce3d387f5c2d748a75828fc5a3b894e7243b6bbf6b63655919125d63c94dae1588d1da71798ee48a274295e31ab2577bb761a49e649e3eac3b52c1e6d52d20f05a4cbac2e548a10b7833c7cc5a06a45bc91ae96e80e9b9a1ad197cd63bd2379ff6beff6ac880611836190a456de8ecbac82af03b3617f43e796ea584f66d6265c204f8f815937c77e83e0b35656ea35d0f9164fb6dd0a45ade6f219680649e83c0d52b07b142c00b3dd76507159922d03ccfa321d79a3aa0f8334fac81dd5f9da69153d9fea7d202bfef16390d27b462d2396282af8697e2f8fa903f51ec95f2087fe7be667067558ade4f9e0530897a9adff8a930ffbf8cf902d6b8329826d07632a581c7d1457412f1abfa3bc788939279f647d100fe9141c3e4b174627c77eb4abfc247c0c738c38d6c796b5f823493fbf23b286af02ae268f23a518af0195535ab69af4e68f08b513e214ae4a2ef60b3f88a427da1f33afac9b129d4cc757caea0d194a3ccbf5bb500", 0x1000}}, 0x1006)
creat(&(0x7f0000000000)='./file1\x00', 0x63)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000850000000800000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4e, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000005c0)='sys_enter\x00', r5}, 0x10)
process_mrelease(0xffffffffffffffff, 0x0)

1.017167303s ago: executing program 2 (id=464):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r2, 0x2007ffc)
sendfile(r2, r2, 0x0, 0x800000009)

975.149483ms ago: executing program 2 (id=465):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000007c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_type(r1, &(0x7f0000000200), 0x2, 0x0)
mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
close(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
socket(0x10, 0x80002, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r4=>0xffffffffffffffff})
getpeername$packet(r4, &(0x7f0000000000)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r5}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0) (fail_nth: 2)

756.380307ms ago: executing program 2 (id=466):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000220000000400000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, <r2=>0xffffffffffffffff}, 0x0, &(0x7f0000000140)=r0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000280), &(0x7f00000002c0)=r0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r3, &(0x7f0000000340), 0x0}, 0x20)

697.026898ms ago: executing program 2 (id=467):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x9, 0xc, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRESOCT=0x0, @ANYRES64=0x0], &(0x7f0000000240)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x41100, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='kfree\x00', r0}, 0x18)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x4, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x3d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2000000}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000007c0)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat$cgroup_type(r1, &(0x7f0000000200), 0x2, 0x0)
mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
close(0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udplite(0x2, 0x2, 0x88)
socket(0x10, 0x80002, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x4000}, 0x10)
r4 = socket(0x1e, 0x4, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x5, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b100000095"], 0x0, 0x238, 0x0, 0x0, 0x40f00, 0x18, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x203}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5, 0x0, 0xffffffffffffffff}, 0x13)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
recvfrom(r3, &(0x7f0000000140)=""/104, 0x68, 0x12020, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r6 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)

595.10859ms ago: executing program 3 (id=468):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000002c0)='sys_enter\x00', r1}, 0x10)
process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', 0xffffffffffffffff, 0x0, 0x8}, 0x18)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x62, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x208, 0x21}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b703000000000001850000001b000000b70000000000070095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r5}, 0x18)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=@newtaction={0x90, 0x30, 0xb, 0x0, 0x0, {}, [{0x7c, 0x1, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80006}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x90}}, 0x0)
unshare(0x42000000)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a01010000000000000000010000000900030073797a3100000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x40)

594.0131ms ago: executing program 1 (id=469):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='mm_page_alloc\x00', r0, 0x0, 0x9}, 0x18)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000800000000000061"], 0x0, 0x28}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@alu]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, r1, 0x8, 0x0, 0x0, 0x14, 0x0, 0xff3d}, 0x80)

542.71381ms ago: executing program 1 (id=470):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
fcntl$lock(r0, 0x25, &(0x7f0000000000)={0x2, 0x0, 0xffffffff, 0xffffffffffffffff})
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x100)
bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x34120, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r2}, &(0x7f0000000180), &(0x7f00000001c0)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x1, 0x0, 0x7ffc1ffb}]})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=@newtfilter={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, 0x0, {0x10, 0xb}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
socket$inet_udp(0x2, 0x2, 0x0)

516.620511ms ago: executing program 4 (id=471):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000008da4b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = perf_event_open(&(0x7f0000001100)={0x5, 0x80, 0x9, 0x8, 0xb, 0xfb, 0x0, 0x3c, 0x704e, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0, 0x1}, 0x18842, 0x0, 0x7fffffff, 0x7, 0x9, 0x3, 0x7, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
perf_event_open$cgroup(&(0x7f0000000e40)={0x5, 0x80, 0x8, 0x7, 0x81, 0x75, 0x0, 0x4, 0x40400, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3ff, 0x2, @perf_config_ext={0x2, 0x2}, 0x0, 0x7, 0x80000000, 0x1, 0x401, 0x3, 0x8, 0x0, 0x8000006, 0x0, 0x8}, 0xffffffffffffffff, 0x0, r1, 0xa)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, &(0x7f0000000600))
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r3 = open$dir(0x0, 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$tun(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="000401040900006201"], 0x32)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff73}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r5, 0x0, 0x4}, 0x18)
socket$kcm(0x11, 0xa, 0x300)
socket$kcm(0x2, 0xa, 0x2)
socket$kcm(0x2, 0xa, 0x73)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f00000002c0)='syzkaller\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18)

395.612693ms ago: executing program 0 (id=472):
r0 = socket$inet_sctp(0x2, 0x1, 0x84) (async)
r1 = semget(0x2, 0x4, 0x200)
semop(r1, &(0x7f0000000040)=[{0x0, 0x7fff, 0x1800}, {0x0, 0x8001}], 0x2)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000200)=ANY=[@ANYBLOB="18dfff0000002577c60020000000000000000000", @ANYRESHEX=r1, @ANYRESHEX=r1], 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010005000900000001"], 0x48) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x0, 0xc, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="836d664d5a551fa5bd1405d33a715f6c4dac32bbc0b85e7926f2bf5504d845e5651b5984a61a30a1eeab4f2b68640be25d6d69811937896af1b8bec4143a3acf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x18, 0xc, &(0x7f0000000800)=ANY=[@ANYRESOCT=0x0, @ANYRESOCT=r3, @ANYRESOCT=r2, @ANYRESHEX=r4, @ANYRES16=r2], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9680bc9288c80f41, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r5}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a00000001010000ff7f0000cc"], 0x48)
semop(r1, &(0x7f00000000c0)=[{0x3, 0x7, 0x1800}, {0x0, 0x5, 0x1800}], 0x2) (async)
syz_emit_ethernet(0x16, 0x0, 0x0)
r6 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r6, 0x26, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) (async)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in={0x2, 0x4e21, @loopback}], 0x10) (async)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000000)="fd", 0x1}], 0x1, 0x0, 0x0, 0x804c044}, 0x881) (async)
r7 = dup(0xffffffffffffffff)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff53000000800395032303030"], 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x70, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94) (async)
pipe2$9p(&(0x7f0000000000)={<r8=>0xffffffffffffffff, <r9=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r9, &(0x7f0000000300)=ANY=[], 0x15) (async)
r10 = dup(r9)
write$P9_RLERRORu(r10, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r10, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20) (async)
socket$packet(0x11, 0x3, 0x300) (async)
write$binfmt_elf64(r10, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8) (async)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r10])
umount2(&(0x7f0000000140)='./file0\x00', 0x0)
setsockopt$sock_int(r7, 0x1, 0x8, &(0x7f0000000100)=0x7, 0x4) (async)
write$RDMA_USER_CM_CMD_RESOLVE_ROUTE(r7, &(0x7f0000000180)={0x4, 0x8, 0xfa00, {0xffffffffffffffff, 0x4}}, 0x29fdf)

394.953253ms ago: executing program 3 (id=473):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r0}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mlockall(0x6)

361.618523ms ago: executing program 2 (id=474):
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
socket$netlink(0x10, 0x3, 0xf)
r0 = socket$netlink(0x10, 0x3, 0xf)
r1 = socket$xdp(0x2c, 0x3, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000480)='kfree\x00', r3}, 0x10)
r4 = perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0x82, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r4, 0x40082406, &(0x7f0000000180)='cpu==-||!')
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x11, 0x3, &(0x7f0000000740)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400}}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x18)
mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_unlink(&(0x7f0000000000)='eth0\x00')
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x2, 0xc}, 0x48)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r6}, &(0x7f0000000000), &(0x7f0000000180)}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r7}, 0x10)
r8 = add_key(&(0x7f00000001c0)='user\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f00000000c0)='9', 0x1, 0xfffffffffffffffc)
keyctl$chown(0x4, r8, 0xee00, 0xffffffffffffffff)
keyctl$chown(0x4, r8, 0x0, 0x0)
r9 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1b, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1004}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r9}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xeb48195b69e85694, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x2000000000000275, &(0x7f0000000040)=ANY=[@ANYRES16=r6], &(0x7f0000000600)='GPL\x00', 0xc55b, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd88, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r10, 0x0, 0x5}, 0x18)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x328000, 0x1000}, 0x20)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000080)=0x100, 0x4)
bind$netlink(r0, &(0x7f0000000300)={0x10, 0x0, 0x25dfdbfb, 0x29fff7ff6}, 0xc)

361.097103ms ago: executing program 3 (id=475):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000004c0)='mm_page_free\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r2, 0x2007ffc)
sendfile(r2, r2, 0x0, 0x800000009)

226.112806ms ago: executing program 0 (id=476):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18)
r1 = socket$kcm(0x10, 0x2, 0x0)
r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000400)='GPL\x00', 0x4, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000180)='kfree\x00', r3}, 0x18)
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r5, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r6, @ANYBLOB="01000000000000001c0012000c000100626f6e64"], 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(r5, &(0x7f0000000040)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5800000010000304000000010000000000000000", @ANYRES32=0x0, @ANYBLOB="46060900000000002800128009000100766c616e00000000180002800c0002001f0000001f000000060001000100000008000500", @ANYRES32=r8, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8], 0x58}, 0x1, 0x0, 0x0, 0x600}, 0x0)
write$selinux_load(r2, &(0x7f0000000280)={0xf97cff8c, 0x8, 'SE Linux', "1ed2d7637b78c26a359c316814798701"}, 0x20)
sendmsg$kcm(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000600142603600e1208000f0000000401a80016002000024006000a00035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6cc", 0xd8}], 0x1}, 0x0)

225.517746ms ago: executing program 1 (id=477):
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="12000000220000000400000002"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000200), 0x0}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000280), &(0x7f00000002c0)=r0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r3, &(0x7f0000000340), 0x0}, 0x20)

110.976368ms ago: executing program 1 (id=478):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6}]})
recvmsg(0xffffffffffffffff, 0x0, 0x2)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000380)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000002", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x50)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendto$inet(r2, 0x0, 0x0, 0xc806, &(0x7f0000000180)={0x2, 0x4e21, @multicast1}, 0x10)
sendto$inet(r2, &(0x7f0000000100)='J', 0xfdbe, 0x4004084, 0x0, 0x11000a00)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x10, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@generic={0x0, 0x7, 0x4, 0xc000, 0x5}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe5}, 0x94)
setsockopt$sock_void(r2, 0x1, 0x29, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/bus/input/devices\x00', 0x0, 0x0)
mq_open(&(0x7f0000000900)='!selinu\xff\x7f\x00\x00inux\x00T\x8b\xb5\xf3\xcb\xdd\xe3\xbf2\x86\x01\x84\xdd\x8a\x8f_l\xa1L\xb1\xef\xb2\xc9\xf7+C\xb2\x8e9\xb8\xec\x1a\xe5\xaeq\x8fZ\xff\xbcY+\xaf0<\xa3\xb8\"Zm\x1c\x18\x11\x93\xb5z \xc2\x8b\xa9\xc5\x9es\t\xfe\x002\xa0-\xaf\xcdP\x9f\xe5Iv\xce*\xa8\xa3\x14i\x05\x8f\x9b\x1eB\x9f\x9d#E\x19\xdc\xfe\xc7\xeb\xb5\xcd\xc8\xe2U\xce\x00\x00\xae|\x92/\x06\x81\xe2O \xd3\xb2O{b\x9e=M\x86\xc7{\x1c\x92\'\xe7\x0f\x18\x94B\x8d\x02\xfa\x864Lp\x10\xf83\xd1>_\xa6\xc2\xe3\xb0\xc6\x02S\xe1\xc0\xab\xd2\x92@\x1c\x9b\x01[3\x8e\xaf\x93\xcf7u\xef\xea\xf3\xcd\xffZ\x99O\x97\xc4\xe4\x8e7\xf2f', 0x2, 0x2c, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x2, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x53, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x4c02})
socket$kcm(0x2, 0xa, 0x2)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r3}, &(0x7f0000000080), &(0x7f00000006c0)='%-010d \x00'}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
setregid(0xffffffffffffffff, 0x0)
symlink(&(0x7f00000003c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
statfs(&(0x7f0000000a40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xf, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

110.483878ms ago: executing program 2 (id=479):
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=<r0=>0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r2, &(0x7f0000000100)=@pppol2tpv3={0x18, 0x1, {0x0, r1, {0x2, 0x0, @loopback}, 0x4}}, 0x2e)
syz_emit_ethernet(0x4c, &(0x7f0000000140)={@link_local, @random="ece65fbcee55", @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x16, 0x11, 0x0, @remote, @local, {[], {0x0, 0xe22, 0x16, 0x0, @gue={{0x2, 0x0, 0x0, 0x3}, "30b00afe4e70"}}}}}}}, 0x0)
recvmmsg(r2, &(0x7f0000000840)=[{{0x0, 0x0, 0x0}, 0x401}, {{0x0, 0x0, 0x0}, 0x400}], 0x2, 0x1, 0x0)
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
timer_settime(r0, 0x1, &(0x7f0000000040), 0x0)
socket$inet6(0xa, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x80000)

109.871698ms ago: executing program 4 (id=480):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="050000000400000099000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x64, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=ANY=[], &(0x7f0000000180), 0x0)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x200000000000000)

0s ago: executing program 3 (id=481):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='mm_page_alloc\x00', r0, 0x0, 0x9}, 0x18)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000004000000020000000000000800000000000061"], 0x0, 0x28}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0xd, 0x4, &(0x7f0000001300)=@framed={{}, [@alu]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb, r1, 0x8, 0x0, 0x0, 0x14, 0x0, 0xff3d}, 0x80)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.206' (ED25519) to the list of known hosts.
[   27.519498][   T29] audit: type=1400 audit(1753633957.603:62): avc:  denied  { mounton } for  pid=3292 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   27.520665][ T3292] cgroup: Unknown subsys name 'net'
[   27.542258][   T29] audit: type=1400 audit(1753633957.603:63): avc:  denied  { mount } for  pid=3292 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   27.569689][   T29] audit: type=1400 audit(1753633957.633:64): avc:  denied  { unmount } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   27.707224][ T3292] cgroup: Unknown subsys name 'cpuset'
[   27.713664][ T3292] cgroup: Unknown subsys name 'rlimit'
[   27.864956][   T29] audit: type=1400 audit(1753633957.943:65): avc:  denied  { setattr } for  pid=3292 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   27.888341][   T29] audit: type=1400 audit(1753633957.943:66): avc:  denied  { create } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.895304][ T3296] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   27.908838][   T29] audit: type=1400 audit(1753633957.953:67): avc:  denied  { write } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   27.937877][   T29] audit: type=1400 audit(1753633957.953:68): avc:  denied  { read } for  pid=3292 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   27.945203][ T3292] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   27.958239][   T29] audit: type=1400 audit(1753633957.953:69): avc:  denied  { mounton } for  pid=3292 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   27.992383][   T29] audit: type=1400 audit(1753633957.953:70): avc:  denied  { mount } for  pid=3292 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   28.015913][   T29] audit: type=1400 audit(1753633958.003:71): avc:  denied  { relabelto } for  pid=3296 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   29.199454][ T3303] chnl_net:caif_netlink_parms(): no params data found
[   29.259054][ T3303] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.266162][ T3303] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.273697][ T3303] bridge_slave_0: entered allmulticast mode
[   29.280260][ T3303] bridge_slave_0: entered promiscuous mode
[   29.288782][ T3303] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.295919][ T3303] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.303238][ T3303] bridge_slave_1: entered allmulticast mode
[   29.309797][ T3303] bridge_slave_1: entered promiscuous mode
[   29.359830][ T3303] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   29.387833][ T3303] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   29.429838][ T3315] chnl_net:caif_netlink_parms(): no params data found
[   29.448703][ T3307] chnl_net:caif_netlink_parms(): no params data found
[   29.459068][ T3303] team0: Port device team_slave_0 added
[   29.479394][ T3303] team0: Port device team_slave_1 added
[   29.485094][ T3305] chnl_net:caif_netlink_parms(): no params data found
[   29.494314][ T3311] chnl_net:caif_netlink_parms(): no params data found
[   29.546033][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_0
[   29.553067][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.579036][ T3303] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   29.592970][ T3303] batman_adv: batadv0: Adding interface: batadv_slave_1
[   29.600007][ T3303] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   29.625973][ T3303] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   29.659427][ T3315] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.666712][ T3315] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.673886][ T3315] bridge_slave_0: entered allmulticast mode
[   29.680506][ T3315] bridge_slave_0: entered promiscuous mode
[   29.704527][ T3315] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.711704][ T3315] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.718966][ T3315] bridge_slave_1: entered allmulticast mode
[   29.725342][ T3315] bridge_slave_1: entered promiscuous mode
[   29.741704][ T3307] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.748840][ T3307] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.756010][ T3307] bridge_slave_0: entered allmulticast mode
[   29.762660][ T3307] bridge_slave_0: entered promiscuous mode
[   29.793015][ T3307] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.800186][ T3307] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.807548][ T3307] bridge_slave_1: entered allmulticast mode
[   29.813972][ T3307] bridge_slave_1: entered promiscuous mode
[   29.826222][ T3315] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   29.847302][ T3303] hsr_slave_0: entered promiscuous mode
[   29.853346][ T3303] hsr_slave_1: entered promiscuous mode
[   29.865900][ T3307] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   29.876265][ T3315] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   29.885506][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.892681][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.899995][ T3305] bridge_slave_0: entered allmulticast mode
[   29.906368][ T3305] bridge_slave_0: entered promiscuous mode
[   29.913112][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.920216][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.927432][ T3305] bridge_slave_1: entered allmulticast mode
[   29.933907][ T3305] bridge_slave_1: entered promiscuous mode
[   29.940357][ T3311] bridge0: port 1(bridge_slave_0) entered blocking state
[   29.947483][ T3311] bridge0: port 1(bridge_slave_0) entered disabled state
[   29.954697][ T3311] bridge_slave_0: entered allmulticast mode
[   29.961135][ T3311] bridge_slave_0: entered promiscuous mode
[   29.967951][ T3311] bridge0: port 2(bridge_slave_1) entered blocking state
[   29.975030][ T3311] bridge0: port 2(bridge_slave_1) entered disabled state
[   29.982261][ T3311] bridge_slave_1: entered allmulticast mode
[   29.988802][ T3311] bridge_slave_1: entered promiscuous mode
[   29.995813][ T3307] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   30.039778][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   30.055365][ T3311] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   30.069858][ T3307] team0: Port device team_slave_0 added
[   30.076282][ T3315] team0: Port device team_slave_0 added
[   30.088303][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   30.103837][ T3311] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   30.113715][ T3307] team0: Port device team_slave_1 added
[   30.120238][ T3315] team0: Port device team_slave_1 added
[   30.133996][ T3305] team0: Port device team_slave_0 added
[   30.162059][ T3305] team0: Port device team_slave_1 added
[   30.177643][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_0
[   30.184695][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   30.210762][ T3307] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   30.227250][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_0
[   30.234242][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   30.260292][ T3315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   30.285394][ T3311] team0: Port device team_slave_0 added
[   30.292104][ T3311] team0: Port device team_slave_1 added
[   30.298334][ T3307] batman_adv: batadv0: Adding interface: batadv_slave_1
[   30.305357][ T3307] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   30.331346][ T3307] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   30.342457][ T3315] batman_adv: batadv0: Adding interface: batadv_slave_1
[   30.349453][ T3315] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   30.375526][ T3315] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   30.389100][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0
[   30.396084][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   30.422067][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   30.448332][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_0
[   30.455319][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   30.481389][ T3311] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   30.494681][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1
[   30.501731][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   30.527709][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   30.553237][ T3311] batman_adv: batadv0: Adding interface: batadv_slave_1
[   30.560363][ T3311] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   30.586340][ T3311] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   30.607901][ T3315] hsr_slave_0: entered promiscuous mode
[   30.613974][ T3315] hsr_slave_1: entered promiscuous mode
[   30.619910][ T3315] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   30.627656][ T3315] Cannot create hsr debugfs directory
[   30.677003][ T3307] hsr_slave_0: entered promiscuous mode
[   30.683015][ T3307] hsr_slave_1: entered promiscuous mode
[   30.688980][ T3307] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   30.696580][ T3307] Cannot create hsr debugfs directory
[   30.707283][ T3311] hsr_slave_0: entered promiscuous mode
[   30.713435][ T3311] hsr_slave_1: entered promiscuous mode
[   30.719596][ T3311] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   30.727288][ T3311] Cannot create hsr debugfs directory
[   30.735010][ T3305] hsr_slave_0: entered promiscuous mode
[   30.741385][ T3305] hsr_slave_1: entered promiscuous mode
[   30.747233][ T3305] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   30.754849][ T3305] Cannot create hsr debugfs directory
[   30.896748][ T3303] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   30.917728][ T3303] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   30.928788][ T3303] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   30.949729][ T3303] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   30.986714][ T3315] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   30.995527][ T3315] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   31.005026][ T3315] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   31.014027][ T3315] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   31.044745][ T3311] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   31.055378][ T3311] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   31.064559][ T3311] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   31.073785][ T3311] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   31.127895][ T3303] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.135694][ T3305] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   31.144932][ T3305] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   31.154296][ T3305] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   31.163280][ T3305] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   31.193562][ T3303] 8021q: adding VLAN 0 to HW filter on device team0
[   31.202501][ T3307] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   31.215926][ T3315] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.223752][ T3307] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   31.232705][ T3307] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   31.242962][ T3307] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   31.257299][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.264570][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.281411][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.288547][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.308477][ T3315] 8021q: adding VLAN 0 to HW filter on device team0
[   31.324139][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.331347][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.363127][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.370341][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.402235][ T3311] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.411396][ T3303] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   31.446349][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.460962][ T3307] 8021q: adding VLAN 0 to HW filter on device bond0
[   31.469571][ T3311] 8021q: adding VLAN 0 to HW filter on device team0
[   31.482291][ T3305] 8021q: adding VLAN 0 to HW filter on device team0
[   31.496321][ T3303] 8021q: adding VLAN 0 to HW filter on device batadv0
[   31.509370][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.516492][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.525580][  T155] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.532702][  T155] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.541480][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.548569][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.565655][  T155] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.572920][  T155] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.585545][ T3307] 8021q: adding VLAN 0 to HW filter on device team0
[   31.608099][   T31] bridge0: port 1(bridge_slave_0) entered blocking state
[   31.615511][   T31] bridge0: port 1(bridge_slave_0) entered forwarding state
[   31.641235][ T3311] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   31.651819][ T3311] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   31.667701][   T31] bridge0: port 2(bridge_slave_1) entered blocking state
[   31.674913][   T31] bridge0: port 2(bridge_slave_1) entered forwarding state
[   31.736003][ T3315] 8021q: adding VLAN 0 to HW filter on device batadv0
[   31.793231][ T3303] veth0_vlan: entered promiscuous mode
[   31.802319][ T3311] 8021q: adding VLAN 0 to HW filter on device batadv0
[   31.831517][ T3303] veth1_vlan: entered promiscuous mode
[   31.860886][ T3307] 8021q: adding VLAN 0 to HW filter on device batadv0
[   31.883338][ T3303] veth0_macvtap: entered promiscuous mode
[   31.896786][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0
[   31.909237][ T3303] veth1_macvtap: entered promiscuous mode
[   31.940178][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_0
[   31.965901][ T3303] batman_adv: batadv0: Interface activated: batadv_slave_1
[   31.975951][ T3315] veth0_vlan: entered promiscuous mode
[   31.997311][ T3303] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.006245][ T3303] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.015023][ T3303] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.023883][ T3303] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.034700][ T3311] veth0_vlan: entered promiscuous mode
[   32.049760][ T3311] veth1_vlan: entered promiscuous mode
[   32.060353][ T3315] veth1_vlan: entered promiscuous mode
[   32.086119][ T3311] veth0_macvtap: entered promiscuous mode
[   32.101985][ T3311] veth1_macvtap: entered promiscuous mode
[   32.125452][ T3315] veth0_macvtap: entered promiscuous mode
[   32.134955][ T3315] veth1_macvtap: entered promiscuous mode
[   32.146908][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.155352][ T3303] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   32.164885][ T3307] veth0_vlan: entered promiscuous mode
[   32.184337][ T3311] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.194378][ T3311] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.203512][ T3311] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.212329][ T3311] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.221165][ T3311] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.237208][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.248416][ T3307] veth1_vlan: entered promiscuous mode
[   32.264159][ T3315] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.281293][ T3307] veth0_macvtap: entered promiscuous mode
[   32.291925][ T3307] veth1_macvtap: entered promiscuous mode
[   32.299973][ T3315] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.308887][ T3315] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.317742][ T3315] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.326646][ T3315] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.371850][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.389726][    C1] hrtimer: interrupt took 38251 ns
[   32.392639][ T3307] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.405498][ T3307] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.414355][ T3307] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.423348][ T3307] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.432131][ T3307] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.463750][ T3305] veth0_vlan: entered promiscuous mode
[   32.492133][ T3305] veth1_vlan: entered promiscuous mode
[   32.502491][ T3475] loop1: detected capacity change from 0 to 256
[   32.512428][ T3479] openvswitch: netlink: Message has 6 unknown bytes.
[   32.533310][   T29] kauditd_printk_skb: 49 callbacks suppressed
[   32.533400][   T29] audit: type=1400 audit(1753633962.613:121): avc:  denied  { ioctl } for  pid=3480 comm="syz.2.3" path="/dev/sg0" dev="devtmpfs" ino=135 ioctlcmd=0x227f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[   32.540859][ T3305] veth0_macvtap: entered promiscuous mode
[   32.580438][ T3481] loop2: detected capacity change from 0 to 1024
[   32.587539][ T3481] =======================================================
[   32.587539][ T3481] WARNING: The mand mount option has been deprecated and
[   32.587539][ T3481]          and is ignored by this kernel. Remove the mand
[   32.587539][ T3481]          option from the mount to silence this warning.
[   32.587539][ T3481] =======================================================
[   32.638552][   T29] audit: type=1400 audit(1753633962.653:122): avc:  denied  { audit_write } for  pid=3480 comm="syz.2.3" capability=29  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   32.645472][ T3305] veth1_macvtap: entered promiscuous mode
[   32.659581][   T29] audit: type=1107 audit(1753633962.653:123): pid=3480 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[   32.678435][   T29] audit: type=1400 audit(1753633962.663:124): avc:  denied  { create } for  pid=3478 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   32.715613][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0
[   32.729338][   T29] audit: type=1400 audit(1753633962.813:125): avc:  denied  { mount } for  pid=3473 comm="syz.1.6" name="/" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[   32.751583][   T29] audit: type=1326 audit(1753633962.813:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3473 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f263613d310 code=0x7ffc0000
[   32.779053][   T29] audit: type=1326 audit(1753633962.863:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3473 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=80 compat=0 ip=0x7f263613d6f7 code=0x7ffc0000
[   32.787503][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1
[   32.821816][   T29] audit: type=1326 audit(1753633962.883:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3473 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f263613d310 code=0x7ffc0000
[   32.837031][ T3481] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.844986][   T29] audit: type=1326 audit(1753633962.883:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3473 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f263613e9a9 code=0x7ffc0000
[   32.873999][ T3305] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   32.880011][   T29] audit: type=1326 audit(1753633962.893:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3473 comm="syz.1.6" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f263613e9a9 code=0x7ffc0000
[   32.888761][ T3305] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   32.888792][ T3305] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   32.888849][ T3305] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   32.962703][ T3487] syz.0.1 uses obsolete (PF_INET,SOCK_PACKET)
[   33.024164][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.160670][ T3501] loop2: detected capacity change from 0 to 2048
[   33.204868][ T3501] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.219959][ T3509] mmap: syz.4.12 (3509) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   33.282204][ T3503] loop4: detected capacity change from 0 to 1024
[   33.301299][ T3503] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   33.313972][ T3503] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   33.349023][ T3503] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e01c, mo2=0000]
[   33.382292][ T3503] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.12: lblock 2 mapped to illegal pblock 2 (length 1)
[   33.402128][ T3511] loop1: detected capacity change from 0 to 8192
[   33.418865][ T3503] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.12: lblock 0 mapped to illegal pblock 48 (length 1)
[   33.457838][ T3503] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.12: Failed to acquire dquot type 0
[   33.461515][ T3514] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   33.487949][ T3503] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   33.499773][ T3503] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.12: mark_inode_dirty error
[   33.523046][ T3503] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   33.559602][ T3503] EXT4-fs (loop4): 1 orphan inode deleted
[   33.573321][ T3503] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.613213][ T3326] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1)
[   33.632997][ T3326] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:6: Failed to release dquot type 0
[   33.648280][ T3503] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.658277][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.668963][ T3503] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.12: Invalid inode table block 1 in block_group 0
[   33.682546][ T3503] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   33.687347][ T3499] Set syz1 is full, maxelem 65536 reached
[   33.693994][ T3503] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.12: mark_inode_dirty error
[   33.838443][ T3521] loop4: detected capacity change from 0 to 1024
[   33.845522][ T3521] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   33.854307][ T3521] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   33.865714][ T3521] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e01c, mo2=0000]
[   33.875548][ T3521] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 2: comm syz.4.17: lblock 2 mapped to illegal pblock 2 (length 1)
[   33.889855][ T3521] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 48: comm syz.4.17: lblock 0 mapped to illegal pblock 48 (length 1)
[   33.904859][ T3521] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.17: Failed to acquire dquot type 0
[   33.916657][ T3521] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   33.926640][ T3521] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.17: mark_inode_dirty error
[   33.938579][ T3521] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   33.948937][ T3521] EXT4-fs (loop4): 1 orphan inode deleted
[   33.955294][ T3521] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.967862][ T3326] EXT4-fs error (device loop4): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:6: lblock 1 mapped to illegal pblock 1 (length 1)
[   33.982561][ T3326] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:6: Failed to release dquot type 0
[   33.995166][ T3521] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.004736][ T3521] EXT4-fs error (device loop4): __ext4_get_inode_loc:4792: comm syz.4.17: Invalid inode table block 1 in block_group 0
[   34.018357][ T3521] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   34.028361][ T3521] EXT4-fs error (device loop4): ext4_quota_off:7217: inode #3: comm syz.4.17: mark_inode_dirty error
[   34.110066][ T3524] loop4: detected capacity change from 0 to 256
[   34.172016][ T3526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.19'.
[   34.185916][ T3526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19'.
[   34.194803][ T3526] netlink: 33 bytes leftover after parsing attributes in process `syz.1.19'.
[   34.205696][ T3526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.19'.
[   34.214540][ T3526] netlink: 33 bytes leftover after parsing attributes in process `syz.1.19'.
[   34.235704][ T3514] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   34.312408][ T3499] syz.3.11 (3499) used greatest stack depth: 10808 bytes left
[   34.353565][ T3533] loop3: detected capacity change from 0 to 2048
[   34.376666][ T3533] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.420647][ T3542] loop4: detected capacity change from 0 to 1024
[   34.460089][ T3542] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.460305][ T3544] loop1: detected capacity change from 0 to 4096
[   34.494522][ T3544] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   34.509525][ T3544] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.531215][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.601591][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.632943][ T3552] loop2: detected capacity change from 0 to 512
[   34.643615][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.665193][ T3555] loop1: detected capacity change from 0 to 2048
[   34.672906][ T3552] netlink: 16 bytes leftover after parsing attributes in process `syz.2.28'.
[   34.685630][ T3556] 9pnet_fd: Insufficient options for proto=fd
[   34.693192][ T3556] netlink: 'syz.4.31': attribute type 39 has an invalid length.
[   34.703106][ T3556] veth1_macvtap: left promiscuous mode
[   34.736186][ T3555] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.768687][ T3565] 9pnet_fd: Insufficient options for proto=fd
[   34.854083][ T3570] loop3: detected capacity change from 0 to 128
[   35.077517][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.122068][ T3573] loop1: detected capacity change from 0 to 512
[   35.125332][ T3573] EXT4-fs: Ignoring removed i_version option
[   35.153866][ T3573] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   35.154764][ T3573] EXT4-fs (loop1): orphan cleanup on readonly fs
[   35.170438][ T3573] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.33: bg 0: block 248: padding at end of block bitmap is not set
[   35.185290][ T3573] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.33: Failed to acquire dquot type 1
[   35.185850][ T3573] EXT4-fs (loop1): 1 truncate cleaned up
[   35.224678][ T3573] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   35.264926][ T3573] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended
[   35.284761][ T3573] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   35.285033][ T3573] ext4 filesystem being remounted at /10/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   35.287547][ T3573] syz.1.33 (3573) used greatest stack depth: 9304 bytes left
[   35.307267][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.369324][ T3584] SELinux:  policydb table sizes (0,0) do not match mine (8,7)
[   35.369353][ T3584] SELinux: failed to load policy
[   35.399248][ T3514] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   35.450588][ T3514] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   35.466625][ T3587] loop1: detected capacity change from 0 to 164
[   35.644712][ T3514] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   35.673676][ T3514] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   35.696630][ T3594] loop1: detected capacity change from 0 to 1024
[   35.707901][ T3592] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   35.726087][ T3514] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   35.747615][ T3514] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   35.761586][ T3594] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.777022][ T3592] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   35.809074][ T3604] loop0: detected capacity change from 0 to 1024
[   35.820589][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.848737][ T3604] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.869046][ T3592] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   35.888501][ T3608] loop1: detected capacity change from 0 to 1024
[   35.895485][ T3604] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.44: Allocating blocks 449-513 which overlap fs metadata
[   35.918192][ T3608] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.925055][ T3603] EXT4-fs (loop0): pa ffff8881069e2070: logic 48, phys. 177, len 21
[   35.938554][ T3603] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   35.962387][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.980120][ T3608] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.45: Allocating blocks 449-513 which overlap fs metadata
[   35.994963][ T3592] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   36.011940][ T3607] EXT4-fs (loop1): pa ffff8881069e2000: logic 48, phys. 177, len 21
[   36.014763][ T3612] 9pnet_fd: Insufficient options for proto=fd
[   36.020189][ T3607] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   36.053014][ T3612] netlink: 'syz.0.46': attribute type 39 has an invalid length.
[   36.055583][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.069907][ T3602] xt_connbytes: Forcing CT accounting to be enabled
[   36.072390][ T3614] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   36.076791][ T3602] set match dimension is over the limit!
[   36.095191][ T3612] veth1_macvtap: left promiscuous mode
[   36.117400][ T3592] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   36.131848][ T3614] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   36.145747][ T3592] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   36.159052][ T3592] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   36.172394][ T3592] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   36.229918][ T3614] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   36.285940][ T3625] FAULT_INJECTION: forcing a failure.
[   36.285940][ T3625] name failslab, interval 1, probability 0, space 0, times 1
[   36.299619][ T3625] CPU: 0 UID: 0 PID: 3625 Comm: syz.1.50 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(voluntary) 
[   36.299658][ T3625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   36.299693][ T3625] Call Trace:
[   36.299699][ T3625]  <TASK>
[   36.299705][ T3625]  __dump_stack+0x1d/0x30
[   36.299755][ T3625]  dump_stack_lvl+0xe8/0x140
[   36.299771][ T3625]  dump_stack+0x15/0x1b
[   36.299785][ T3625]  should_fail_ex+0x265/0x280
[   36.299838][ T3625]  ? alloc_fdtable+0x74/0x1b0
[   36.299877][ T3625]  should_failslab+0x8c/0xb0
[   36.299896][ T3625]  __kmalloc_cache_noprof+0x4c/0x320
[   36.300006][ T3625]  alloc_fdtable+0x74/0x1b0
[   36.300051][ T3625]  dup_fd+0x4c7/0x540
[   36.300143][ T3625]  copy_files+0x98/0xf0
[   36.300169][ T3625]  copy_process+0xc44/0x1f90
[   36.300261][ T3625]  kernel_clone+0x16c/0x5b0
[   36.300284][ T3625]  ? vfs_write+0x75e/0x8e0
[   36.300312][ T3625]  __x64_sys_clone+0xe6/0x120
[   36.300357][ T3625]  x64_sys_call+0x2c59/0x2fb0
[   36.300375][ T3625]  do_syscall_64+0xd2/0x200
[   36.300399][ T3625]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   36.300431][ T3625]  ? clear_bhb_loop+0x40/0x90
[   36.300449][ T3625]  ? clear_bhb_loop+0x40/0x90
[   36.300571][ T3625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   36.300589][ T3625] RIP: 0033:0x7f263613e9a9
[   36.300606][ T3625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   36.300622][ T3625] RSP: 002b:00007f26347a6fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[   36.300638][ T3625] RAX: ffffffffffffffda RBX: 00007f2636365fa0 RCX: 00007f263613e9a9
[   36.300648][ T3625] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000004a0c7200
[   36.300659][ T3625] RBP: 00007f26347a7090 R08: 0000000000000000 R09: 0000000000000000
[   36.300669][ T3625] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[   36.300703][ T3625] R13: 0000000000000000 R14: 00007f2636365fa0 R15: 00007ffc7cab1648
[   36.300720][ T3625]  </TASK>
[   36.512941][ T3614] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   36.590006][ T3614] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   36.622289][ T3614] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   36.673557][ T3614] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   36.685232][ T3614] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   36.695560][ T3634] netlink: 8 bytes leftover after parsing attributes in process `syz.4.55'.
[   36.705772][ T3634] netlink: 4 bytes leftover after parsing attributes in process `syz.4.55'.
[   36.714576][ T3634] netlink: 33 bytes leftover after parsing attributes in process `syz.4.55'.
[   36.727538][ T3634] netlink: 4 bytes leftover after parsing attributes in process `syz.4.55'.
[   36.827799][ T3641] loop2: detected capacity change from 0 to 1024
[   36.841861][ T3641] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   36.855438][ T3641] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   36.868937][ T3641] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e01c, mo2=0000]
[   36.878933][ T3641] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 2: comm syz.2.58: lblock 2 mapped to illegal pblock 2 (length 1)
[   36.893197][ T3641] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 48: comm syz.2.58: lblock 0 mapped to illegal pblock 48 (length 1)
[   36.910783][ T3641] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.58: Failed to acquire dquot type 0
[   36.922301][ T3641] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   36.932410][ T3641] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.58: mark_inode_dirty error
[   36.963481][ T3641] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   36.975312][ T3641] EXT4-fs (loop2): 1 orphan inode deleted
[   36.986477][   T51] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:3: lblock 1 mapped to illegal pblock 1 (length 1)
[   37.006986][ T3641] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   37.008009][   T51] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 0
[   37.033045][ T3641] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.042510][ T3641] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.58: Invalid inode table block 1 in block_group 0
[   37.057087][ T3641] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   37.067251][ T3641] EXT4-fs error (device loop2): ext4_quota_off:7217: inode #3: comm syz.2.58: mark_inode_dirty error
[   37.165942][ T3661] loop3: detected capacity change from 0 to 256
[   37.199968][ T3669] openvswitch: netlink: Message has 6 unknown bytes.
[   37.213319][ T3669] loop1: detected capacity change from 0 to 128
[   37.228609][ T3669] FAT-fs (loop1): Directory bread(block 162) failed
[   37.235588][ T3669] FAT-fs (loop1): Directory bread(block 163) failed
[   37.243017][ T3669] FAT-fs (loop1): Directory bread(block 164) failed
[   37.250750][ T3669] FAT-fs (loop1): Directory bread(block 165) failed
[   37.258186][ T3669] FAT-fs (loop1): Directory bread(block 166) failed
[   37.264936][ T3669] FAT-fs (loop1): Directory bread(block 167) failed
[   37.272973][ T3669] FAT-fs (loop1): Directory bread(block 168) failed
[   37.280386][ T3669] FAT-fs (loop1): Directory bread(block 169) failed
[   37.289057][ T3669] FAT-fs (loop1): Directory bread(block 162) failed
[   37.295849][ T3669] FAT-fs (loop1): Directory bread(block 163) failed
[   37.305844][ T3669] syz.1.69: attempt to access beyond end of device
[   37.305844][ T3669] loop1: rw=3, sector=226, nr_sectors = 6 limit=128
[   37.336357][ T3669] syz.1.69: attempt to access beyond end of device
[   37.336357][ T3669] loop1: rw=2051, sector=232, nr_sectors = 2 limit=128
[   37.358209][ T3674] loop2: detected capacity change from 0 to 2048
[   37.371893][ T3674] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   37.489956][ T3680] SELinux:  Context system_u:object_r:etc_t:s0 is not valid (left unmapped).
[   37.523863][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.559365][ T3686] ref_ctr_offset mismatch. inode: 0x5d offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000
[   37.590514][ T3688] loop2: detected capacity change from 0 to 1024
[   37.619855][ T3688] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   37.644729][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.689401][ T3692] loop2: detected capacity change from 0 to 2048
[   37.699304][ T3692] journal_path: Non-blockdev passed as './file1'
[   37.705765][ T3692] EXT4-fs: error: could not find journal device path
[   37.731715][ T3295] udevd[3295]: incorrect ext4 checksum on /dev/loop2
[   37.769729][   T29] kauditd_printk_skb: 246 callbacks suppressed
[   37.769748][   T29] audit: type=1326 audit(1753633967.853:366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.3.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31eca2e9a9 code=0x7ffc0000
[   37.799698][ T3698] loop4: detected capacity change from 0 to 1024
[   37.822541][ T3698] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   37.822645][   T29] audit: type=1326 audit(1753633967.853:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.3.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31eca2e9a9 code=0x7ffc0000
[   37.858110][   T29] audit: type=1326 audit(1753633967.853:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.3.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f31eca2e9a9 code=0x7ffc0000
[   37.881582][   T29] audit: type=1326 audit(1753633967.853:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3699 comm="syz.3.81" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31eca2e9a9 code=0x7ffc0000
[   37.901567][ T3698] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.80: Allocating blocks 449-513 which overlap fs metadata
[   37.905090][   T29] audit: type=1107 audit(1753633967.873:370): pid=3697 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[   37.957955][ T3697] EXT4-fs (loop4): pa ffff8881069e20e0: logic 48, phys. 177, len 21
[   37.966041][ T3697] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   37.989634][   T29] audit: type=1400 audit(1753633968.073:371): avc:  denied  { setopt } for  pid=3705 comm="syz.2.82" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   38.020879][   T29] audit: type=1400 audit(1753633968.093:372): avc:  denied  { name_connect } for  pid=3705 comm="syz.2.82" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[   38.041321][   T29] audit: type=1400 audit(1753633968.103:373): avc:  denied  { ioctl } for  pid=3705 comm="syz.2.82" path="socket:[4925]" dev="sockfs" ino=4925 ioctlcmd=0x8915 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   38.068305][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.077728][   T29] audit: type=1107 audit(1753633968.123:374): pid=3710 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg=''
[   38.160913][   T29] audit: type=1400 audit(1753633968.233:375): avc:  denied  { create } for  pid=3715 comm="syz.3.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[   38.234898][ T3720] xt_connbytes: Forcing CT accounting to be enabled
[   38.312704][ T3722] ref_ctr_offset mismatch. inode: 0x85 offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000
[   38.365531][ T3720] Cannot find set identified by id 0 to match
[   38.445314][ T3724] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   38.452853][ T3724] batman_adv: batadv0: Removing interface: batadv_slave_0
[   38.492559][ T3724] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   38.500228][ T3724] batman_adv: batadv0: Removing interface: batadv_slave_1
[   38.530715][ T3706] Set syz1 is full, maxelem 65536 reached
[   38.616037][ T3735] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   38.623588][ T3735] batman_adv: batadv0: Removing interface: batadv_slave_0
[   38.632460][ T3735] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   38.639956][ T3735] batman_adv: batadv0: Removing interface: batadv_slave_1
[   38.782389][ T3744] loop4: detected capacity change from 0 to 2048
[   38.797902][ T3744] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.870175][ T3749] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[   38.902839][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.951093][ T3756] FAULT_INJECTION: forcing a failure.
[   38.951093][ T3756] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   38.964371][ T3756] CPU: 0 UID: 0 PID: 3756 Comm: syz.1.102 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(voluntary) 
[   38.964455][ T3756] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   38.964471][ T3756] Call Trace:
[   38.964479][ T3756]  <TASK>
[   38.964488][ T3756]  __dump_stack+0x1d/0x30
[   38.964516][ T3756]  dump_stack_lvl+0xe8/0x140
[   38.964662][ T3756]  dump_stack+0x15/0x1b
[   38.964756][ T3756]  should_fail_ex+0x265/0x280
[   38.964788][ T3756]  should_fail+0xb/0x20
[   38.964822][ T3756]  should_fail_usercopy+0x1a/0x20
[   38.964933][ T3756]  _copy_from_user+0x1c/0xb0
[   38.964971][ T3756]  ___sys_sendmsg+0xc1/0x1d0
[   38.965005][ T3756]  __x64_sys_sendmsg+0xd4/0x160
[   38.965032][ T3756]  x64_sys_call+0x2999/0x2fb0
[   38.965109][ T3756]  do_syscall_64+0xd2/0x200
[   38.965133][ T3756]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   38.965216][ T3756]  ? clear_bhb_loop+0x40/0x90
[   38.965244][ T3756]  ? clear_bhb_loop+0x40/0x90
[   38.965272][ T3756]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   38.965386][ T3756] RIP: 0033:0x7f263613e9a9
[   38.965406][ T3756] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   38.965503][ T3756] RSP: 002b:00007f26347a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   38.965528][ T3756] RAX: ffffffffffffffda RBX: 00007f2636365fa0 RCX: 00007f263613e9a9
[   38.965544][ T3756] RDX: 0000000000008844 RSI: 0000200000000080 RDI: 0000000000000005
[   38.965559][ T3756] RBP: 00007f26347a7090 R08: 0000000000000000 R09: 0000000000000000
[   38.965631][ T3756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   38.965646][ T3756] R13: 0000000000000000 R14: 00007f2636365fa0 R15: 00007ffc7cab1648
[   38.965668][ T3756]  </TASK>
[   39.172215][ T3760] loop4: detected capacity change from 0 to 256
[   39.318186][ T3765] infiniband syz!: set active
[   39.322933][ T3765] infiniband syz!: added team_slave_0
[   39.340183][ T3765] RDS/IB: syz!: added
[   39.352505][ T3765] smc: adding ib device syz! with port count 1
[   39.363145][ T3765] smc:    ib device syz! port 1 has pnetid 
[   39.391030][ T3772] loop1: detected capacity change from 0 to 1024
[   39.413080][ T3772] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.440854][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.471740][ T3779] __nla_validate_parse: 4 callbacks suppressed
[   39.471758][ T3779] netlink: 4 bytes leftover after parsing attributes in process `syz.1.107'.
[   39.489668][ T3779] netlink: 'syz.1.107': attribute type 3 has an invalid length.
[   39.498744][ T3779] netlink: 12 bytes leftover after parsing attributes in process `syz.1.107'.
[   39.513909][ T3779] netlink: 4 bytes leftover after parsing attributes in process `syz.1.107'.
[   39.545759][ T3783] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   39.638766][ T3776] rdma_rxe: rxe_newlink: failed to add team_slave_0
[   39.680716][ T3783] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   39.730361][ T3783] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   39.746612][ T3791] set match dimension is over the limit!
[   39.756965][ T3792] netlink: 8 bytes leftover after parsing attributes in process `syz.2.111'.
[   39.765860][ T3792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.111'.
[   39.774737][ T3792] netlink: 33 bytes leftover after parsing attributes in process `syz.2.111'.
[   39.785712][ T3792] netlink: 4 bytes leftover after parsing attributes in process `syz.2.111'.
[   39.794629][ T3792] netlink: 33 bytes leftover after parsing attributes in process `syz.2.111'.
[   39.839205][ T3783] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   39.863365][ T3795] netlink: 8 bytes leftover after parsing attributes in process `syz.4.114'.
[   39.872699][ T3795] netlink: 4 bytes leftover after parsing attributes in process `syz.4.114'.
[   39.927251][ T3783] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   39.935675][ T3797] loop2: detected capacity change from 0 to 256
[   39.942226][ T3783] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   39.955283][ T3783] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   39.977758][ T3783] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   40.077320][ T3807] ref_ctr_offset mismatch. inode: 0x7c offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x8000000
[   40.105840][ T3805] loop1: detected capacity change from 0 to 8192
[   40.289770][ T3820] loop2: detected capacity change from 0 to 512
[   40.296592][ T3820] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[   40.376197][ T3825] loop2: detected capacity change from 0 to 1024
[   40.389230][ T3825] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.424029][ T3825] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.127: Allocating blocks 449-513 which overlap fs metadata
[   40.440967][ T3824] EXT4-fs (loop2): pa ffff888106975070: logic 48, phys. 177, len 21
[   40.449075][ T3824] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   40.468973][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.548016][ T3831] loop2: detected capacity change from 0 to 1024
[   40.556414][ T3831] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   40.565243][ T3831] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   40.576594][ T3831] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e01c, mo2=0000]
[   40.585709][ T3831] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 2: comm syz.2.128: lblock 2 mapped to illegal pblock 2 (length 1)
[   40.600238][ T3831] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 48: comm syz.2.128: lblock 0 mapped to illegal pblock 48 (length 1)
[   40.614441][ T3831] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.128: Failed to acquire dquot type 0
[   40.625834][ T3831] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   40.635389][ T3831] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.128: mark_inode_dirty error
[   40.646708][ T3831] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   40.658540][ T3831] EXT4-fs (loop2): 1 orphan inode deleted
[   40.664742][ T3831] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.677123][  T155] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1)
[   40.691485][  T155] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0
[   40.703707][ T3831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.713193][ T3831] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.128: Invalid inode table block 1 in block_group 0
[   40.726228][ T3831] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   40.735949][ T3831] EXT4-fs error (device loop2): ext4_quota_off:7217: inode #3: comm syz.2.128: mark_inode_dirty error
[   40.781756][ T3834] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[   40.853137][ T3839] loop2: detected capacity change from 0 to 256
[   40.971148][ T3845] loop1: detected capacity change from 0 to 1024
[   40.991965][ T3851] loop2: detected capacity change from 0 to 1024
[   40.999163][ T3851] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   41.008082][ T3851] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   41.019408][ T3851] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e01c, mo2=0000]
[   41.021087][ T3845] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.041047][ T3851] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 2: comm syz.2.133: lblock 2 mapped to illegal pblock 2 (length 1)
[   41.055210][ T3851] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 48: comm syz.2.133: lblock 0 mapped to illegal pblock 48 (length 1)
[   41.073101][ T3845] capability: warning: `syz.1.134' uses deprecated v2 capabilities in a way that may be insecure
[   41.084057][ T3851] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.133: Failed to acquire dquot type 0
[   41.114298][ T3851] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   41.124835][ T3851] EXT4-fs error (device loop2): ext4_evict_inode:254: inode #11: comm syz.2.133: mark_inode_dirty error
[   41.136277][ T3851] EXT4-fs warning (device loop2): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   41.148178][ T3851] EXT4-fs (loop2): 1 orphan inode deleted
[   41.148491][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.154615][ T3851] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.175596][   T37] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:2: lblock 1 mapped to illegal pblock 1 (length 1)
[   41.192392][   T37] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:2: Failed to release dquot type 0
[   41.205256][ T3851] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.216021][ T3851] EXT4-fs error (device loop2): __ext4_get_inode_loc:4792: comm syz.2.133: Invalid inode table block 1 in block_group 0
[   41.229856][ T3851] EXT4-fs error (device loop2) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   41.240090][ T3851] EXT4-fs error (device loop2): ext4_quota_off:7217: inode #3: comm syz.2.133: mark_inode_dirty error
[   41.437301][ T3864] loop3: detected capacity change from 0 to 1024
[   41.446111][ T3864] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   41.482994][ T3864] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   41.498057][ T3864] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e01c, mo2=0000]
[   41.507330][ T3864] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 2: comm syz.3.139: lblock 2 mapped to illegal pblock 2 (length 1)
[   41.529751][ T3864] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 48: comm syz.3.139: lblock 0 mapped to illegal pblock 48 (length 1)
[   41.553613][ T3864] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.139: Failed to acquire dquot type 0
[   41.565727][ T3864] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   41.603663][ T3864] EXT4-fs error (device loop3): ext4_evict_inode:254: inode #11: comm syz.3.139: mark_inode_dirty error
[   41.621465][ T3864] EXT4-fs warning (device loop3): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   41.634462][ T3864] EXT4-fs (loop3): 1 orphan inode deleted
[   41.646607][  T155] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1)
[   41.670837][ T3864] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.683382][  T155] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:4: Failed to release dquot type 0
[   41.696942][ T3864] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.709981][ T3864] EXT4-fs error (device loop3): __ext4_get_inode_loc:4792: comm syz.3.139: Invalid inode table block 1 in block_group 0
[   41.723056][ T3864] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6255: Corrupt filesystem
[   41.734164][ T3864] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz.3.139: mark_inode_dirty error
[   41.781121][ T3877] FAULT_INJECTION: forcing a failure.
[   41.781121][ T3877] name failslab, interval 1, probability 0, space 0, times 0
[   41.793897][ T3877] CPU: 0 UID: 0 PID: 3877 Comm: syz.4.143 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(voluntary) 
[   41.793931][ T3877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   41.794003][ T3877] Call Trace:
[   41.794011][ T3877]  <TASK>
[   41.794019][ T3877]  __dump_stack+0x1d/0x30
[   41.794045][ T3877]  dump_stack_lvl+0xe8/0x140
[   41.794142][ T3877]  dump_stack+0x15/0x1b
[   41.794162][ T3877]  should_fail_ex+0x265/0x280
[   41.794236][ T3877]  should_failslab+0x8c/0xb0
[   41.794258][ T3877]  __kmalloc_noprof+0xa5/0x3e0
[   41.794308][ T3877]  ? tcf_idr_create+0x41/0x4a0
[   41.794339][ T3877]  tcf_idr_create+0x41/0x4a0
[   41.794369][ T3877]  tcf_idr_create_from_flags+0x60/0x80
[   41.794449][ T3877]  tcf_mirred_init+0x451/0x900
[   41.794587][ T3877]  tcf_action_init_1+0x36a/0x4a0
[   41.794619][ T3877]  tcf_action_init+0x267/0x6d0
[   41.794725][ T3877]  tc_ctl_action+0x291/0x830
[   41.794848][ T3877]  ? __pfx_tc_ctl_action+0x10/0x10
[   41.794880][ T3877]  rtnetlink_rcv_msg+0x65a/0x6d0
[   41.794906][ T3877]  netlink_rcv_skb+0x123/0x220
[   41.794981][ T3877]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   41.795012][ T3877]  rtnetlink_rcv+0x1c/0x30
[   41.795083][ T3877]  netlink_unicast+0x5a8/0x680
[   41.795122][ T3877]  netlink_sendmsg+0x58b/0x6b0
[   41.795145][ T3877]  ? __pfx_netlink_sendmsg+0x10/0x10
[   41.795169][ T3877]  __sock_sendmsg+0x142/0x180
[   41.795230][ T3877]  ____sys_sendmsg+0x31e/0x4e0
[   41.795254][ T3877]  ___sys_sendmsg+0x17b/0x1d0
[   41.795285][ T3877]  __x64_sys_sendmsg+0xd4/0x160
[   41.795307][ T3877]  x64_sys_call+0x2999/0x2fb0
[   41.795328][ T3877]  do_syscall_64+0xd2/0x200
[   41.795384][ T3877]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   41.795424][ T3877]  ? clear_bhb_loop+0x40/0x90
[   41.795451][ T3877]  ? clear_bhb_loop+0x40/0x90
[   41.795540][ T3877]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.795572][ T3877] RIP: 0033:0x7fc540bde9a9
[   41.795587][ T3877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.795604][ T3877] RSP: 002b:00007fc53f247038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   41.795625][ T3877] RAX: ffffffffffffffda RBX: 00007fc540e05fa0 RCX: 00007fc540bde9a9
[   41.795700][ T3877] RDX: 0000000000000000 RSI: 0000200000006280 RDI: 0000000000000003
[   41.795715][ T3877] RBP: 00007fc53f247090 R08: 0000000000000000 R09: 0000000000000000
[   41.795730][ T3877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   41.795745][ T3877] R13: 0000000000000000 R14: 00007fc540e05fa0 R15: 00007fff34885598
[   41.795764][ T3877]  </TASK>
[   41.836232][ T3857] Set syz1 is full, maxelem 65536 reached
[   42.007341][ T3879] loop4: detected capacity change from 0 to 8192
[   42.077098][ T3887] loop0: detected capacity change from 0 to 2048
[   42.088778][ T3887] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.114863][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.221972][ T3901] loop0: detected capacity change from 0 to 128
[   42.229622][ T3901] FAT-fs (loop0): Directory bread(block 162) failed
[   42.237427][ T3901] FAT-fs (loop0): Directory bread(block 163) failed
[   42.244145][ T3901] FAT-fs (loop0): Directory bread(block 164) failed
[   42.250922][ T3901] FAT-fs (loop0): Directory bread(block 165) failed
[   42.252261][ T3903] loop3: detected capacity change from 0 to 1024
[   42.258545][ T3901] FAT-fs (loop0): Directory bread(block 166) failed
[   42.271278][ T3901] FAT-fs (loop0): Directory bread(block 167) failed
[   42.278153][ T3901] FAT-fs (loop0): Directory bread(block 168) failed
[   42.284893][ T3901] FAT-fs (loop0): Directory bread(block 169) failed
[   42.293133][ T3903] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.293563][ T3901] FAT-fs (loop0): Directory bread(block 162) failed
[   42.312044][ T3901] FAT-fs (loop0): Directory bread(block 163) failed
[   42.319220][ T3901] syz.0.151: attempt to access beyond end of device
[   42.319220][ T3901] loop0: rw=3, sector=226, nr_sectors = 6 limit=128
[   42.325253][ T3903] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.150: Allocating blocks 449-513 which overlap fs metadata
[   42.332396][ T3901] syz.0.151: attempt to access beyond end of device
[   42.332396][ T3901] loop0: rw=2051, sector=232, nr_sectors = 2 limit=128
[   42.351286][ T3902] EXT4-fs (loop3): pa ffff888106975000: logic 48, phys. 177, len 21
[   42.367658][ T3902] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   42.388492][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.479668][ T3913] loop2: detected capacity change from 0 to 1024
[   42.498407][ T3913] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.526788][ T3913] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.155: Allocating blocks 449-513 which overlap fs metadata
[   42.557103][ T3912] EXT4-fs (loop2): pa ffff888106975070: logic 48, phys. 177, len 21
[   42.565397][ T3912] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   42.566539][ T3920] loop0: detected capacity change from 0 to 128
[   42.596081][ T3920] IPVS: stopping master sync thread 3922 ...
[   42.605302][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.632760][ T3920] FAT-fs (loop0): error, clusters badly computed (2 != 1)
[   42.640065][ T3920] FAT-fs (loop0): Filesystem has been set read-only
[   42.652545][ T3920] FAT-fs (loop0): error, clusters badly computed (3 != 2)
[   42.660165][ T3920] FAT-fs (loop0): error, clusters badly computed (4 != 3)
[   42.667649][ T3920] FAT-fs (loop0): error, clusters badly computed (5 != 4)
[   42.675085][ T3920] FAT-fs (loop0): error, clusters badly computed (6 != 5)
[   42.682605][ T3920] FAT-fs (loop0): error, clusters badly computed (7 != 6)
[   42.690496][ T3920] FAT-fs (loop0): error, clusters badly computed (8 != 7)
[   42.705557][ T3920] FAT-fs (loop0): error, clusters badly computed (9 != 8)
[   42.716871][ T3920] : attempt to access beyond end of device
[   42.716871][ T3920] loop0: rw=2049, sector=145, nr_sectors = 16 limit=128
[   42.729822][ T3920] : attempt to access beyond end of device
[   42.729822][ T3920] loop0: rw=2049, sector=177, nr_sectors = 8 limit=128
[   42.743719][ T3920] : attempt to access beyond end of device
[   42.743719][ T3920] loop0: rw=2049, sector=193, nr_sectors = 8 limit=128
[   42.769935][ T3920] : attempt to access beyond end of device
[   42.769935][ T3920] loop0: rw=2049, sector=209, nr_sectors = 8 limit=128
[   42.783130][ T3920] : attempt to access beyond end of device
[   42.783130][ T3920] loop0: rw=2049, sector=225, nr_sectors = 8 limit=128
[   42.805864][ T3920] : attempt to access beyond end of device
[   42.805864][ T3920] loop0: rw=2049, sector=241, nr_sectors = 8 limit=128
[   42.821928][ T3920] : attempt to access beyond end of device
[   42.821928][ T3920] loop0: rw=2049, sector=257, nr_sectors = 8 limit=128
[   42.836584][ T3920] : attempt to access beyond end of device
[   42.836584][ T3920] loop0: rw=2049, sector=273, nr_sectors = 8 limit=128
[   42.860546][   T29] kauditd_printk_skb: 354 callbacks suppressed
[   42.860570][   T29] audit: type=1326 audit(1753633972.933:721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3928 comm="syz.4.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   42.890168][   T29] audit: type=1326 audit(1753633972.933:722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3928 comm="syz.4.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   42.913485][   T29] audit: type=1326 audit(1753633972.933:723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3928 comm="syz.4.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   42.936768][   T29] audit: type=1326 audit(1753633972.933:724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3928 comm="syz.4.159" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   42.960062][   T29] audit: type=1326 audit(1753633973.003:725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.4.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   42.983425][   T29] audit: type=1326 audit(1753633973.003:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.4.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   43.006731][   T29] audit: type=1326 audit(1753633973.003:727): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.4.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   43.030023][   T29] audit: type=1326 audit(1753633973.003:728): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.4.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   43.031444][ T3935] xt_TPROXY: Can be used only with -p tcp or -p udp
[   43.053346][   T29] audit: type=1326 audit(1753633973.003:729): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.4.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   43.084719][   T29] audit: type=1326 audit(1753633973.163:730): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3931 comm="syz.4.161" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   43.142193][ T3939] loop2: detected capacity change from 0 to 1024
[   43.157983][ T3939] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.183499][ T3939] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.163: Allocating blocks 449-513 which overlap fs metadata
[   43.199178][ T3938] EXT4-fs (loop2): pa ffff8881069750e0: logic 48, phys. 177, len 21
[   43.207350][ T3938] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   43.228393][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   43.249576][ T3945] xt_l2tp: wrong L2TP version: 0
[   43.501710][ T3958] xt_connbytes: Forcing CT accounting to be enabled
[   43.648104][ T3958] set match dimension is over the limit!
[   43.846106][ T3949] Set syz1 is full, maxelem 65536 reached
[   43.867971][ T3967] loop3: detected capacity change from 0 to 512
[   43.881907][ T3967] EXT4-fs: Ignoring removed orlov option
[   43.903762][ T3967] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   43.916974][ T3967] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   43.933821][ T3967] EXT4-fs (loop3): 1 orphan inode deleted
[   43.939674][ T3967] EXT4-fs (loop3): 1 truncate cleaned up
[   43.946071][ T3967] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   43.960614][ T3967] netlink: 'syz.3.173': attribute type 10 has an invalid length.
[   43.971006][ T3971] loop4: detected capacity change from 0 to 128
[   43.993464][ T3971] FAT-fs (loop4): Directory bread(block 162) failed
[   44.006833][ T3971] FAT-fs (loop4): Directory bread(block 163) failed
[   44.013595][ T3971] FAT-fs (loop4): Directory bread(block 164) failed
[   44.021584][ T3971] FAT-fs (loop4): Directory bread(block 165) failed
[   44.028551][ T3971] FAT-fs (loop4): Directory bread(block 166) failed
[   44.035366][ T3971] FAT-fs (loop4): Directory bread(block 167) failed
[   44.036515][ T3967] bond0: (slave dummy0): Enslaving as an active interface with an up link
[   44.048693][ T3971] FAT-fs (loop4): Directory bread(block 168) failed
[   44.057560][ T3971] FAT-fs (loop4): Directory bread(block 169) failed
[   44.070290][ T3973] loop0: detected capacity change from 0 to 2048
[   44.074514][ T3971] FAT-fs (loop4): Directory bread(block 162) failed
[   44.083463][ T3971] FAT-fs (loop4): Directory bread(block 163) failed
[   44.099930][ T3973] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.126445][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.219746][ T3984] loop0: detected capacity change from 0 to 256
[   44.370887][ T3995] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[   44.373990][ T3998] loop2: detected capacity change from 0 to 1024
[   44.396681][ T3993] netlink: 'syz.0.183': attribute type 8 has an invalid length.
[   44.412481][ T3998] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.440957][ T3993] loop0: detected capacity change from 0 to 512
[   44.459100][ T4002] loop1: detected capacity change from 0 to 256
[   44.484309][ T4004] loop4: detected capacity change from 0 to 2048
[   44.491990][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.511904][ T4004] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.534233][ T3993] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   44.556484][ T3993] EXT4-fs (loop0): mount failed
[   44.570230][ T4010] loop2: detected capacity change from 0 to 2048
[   44.589173][ T4010] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   44.604664][ T4012] loop0: detected capacity change from 0 to 128
[   44.623142][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.668342][ T3747] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[   44.669426][ T4012] FAT-fs (loop0): Directory bread(block 162) failed
[   44.696202][ T3747] EXT4-fs (loop3): Remounting filesystem read-only
[   44.709994][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.719979][ T4018] 9pnet_fd: Insufficient options for proto=fd
[   44.756648][ T4012] FAT-fs (loop0): Directory bread(block 163) failed
[   44.787948][ T4012] FAT-fs (loop0): Directory bread(block 164) failed
[   44.794711][ T4012] FAT-fs (loop0): Directory bread(block 165) failed
[   44.821705][ T4012] FAT-fs (loop0): Directory bread(block 166) failed
[   44.828640][ T4012] FAT-fs (loop0): Directory bread(block 167) failed
[   44.835456][ T4012] FAT-fs (loop0): Directory bread(block 168) failed
[   44.843479][ T4012] FAT-fs (loop0): Directory bread(block 169) failed
[   44.861592][ T4012] FAT-fs (loop0): Directory bread(block 162) failed
[   44.878285][ T4012] FAT-fs (loop0): Directory bread(block 163) failed
[   45.033263][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.037417][ T4034] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[   45.103815][ T4040] loop4: detected capacity change from 0 to 2048
[   45.160172][ T4040] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   45.262054][ T4053] 9pnet_fd: Insufficient options for proto=fd
[   45.337682][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.423102][ T4071] FAULT_INJECTION: forcing a failure.
[   45.423102][ T4071] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   45.436671][ T4071] CPU: 0 UID: 0 PID: 4071 Comm: syz.3.212 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(voluntary) 
[   45.436705][ T4071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   45.436718][ T4071] Call Trace:
[   45.436725][ T4071]  <TASK>
[   45.436734][ T4071]  __dump_stack+0x1d/0x30
[   45.436761][ T4071]  dump_stack_lvl+0xe8/0x140
[   45.436800][ T4071]  dump_stack+0x15/0x1b
[   45.436820][ T4071]  should_fail_ex+0x265/0x280
[   45.436904][ T4071]  should_fail+0xb/0x20
[   45.436982][ T4071]  should_fail_usercopy+0x1a/0x20
[   45.437048][ T4071]  _copy_from_user+0x1c/0xb0
[   45.437157][ T4071]  do_sock_getsockopt+0xf1/0x240
[   45.437193][ T4071]  __x64_sys_getsockopt+0x11e/0x1a0
[   45.437240][ T4071]  x64_sys_call+0x12aa/0x2fb0
[   45.437268][ T4071]  do_syscall_64+0xd2/0x200
[   45.437294][ T4071]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   45.437377][ T4071]  ? clear_bhb_loop+0x40/0x90
[   45.437431][ T4071]  ? clear_bhb_loop+0x40/0x90
[   45.437461][ T4071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.437489][ T4071] RIP: 0033:0x7f31eca2e9a9
[   45.437509][ T4071] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.437533][ T4071] RSP: 002b:00007f31eb097038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[   45.437557][ T4071] RAX: ffffffffffffffda RBX: 00007f31ecc55fa0 RCX: 00007f31eca2e9a9
[   45.437587][ T4071] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 0000000000000003
[   45.437598][ T4071] RBP: 00007f31eb097090 R08: 00002000000007c0 R09: 0000000000000000
[   45.437609][ T4071] R10: 0000200000000700 R11: 0000000000000246 R12: 0000000000000001
[   45.437620][ T4071] R13: 0000000000000000 R14: 00007f31ecc55fa0 R15: 00007ffc5041d638
[   45.437639][ T4071]  </TASK>
[   45.711069][ T4079] loop0: detected capacity change from 0 to 512
[   45.724128][ T4079] EXT4-fs (loop0): orphan cleanup on readonly fs
[   45.731629][ T4079] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm syz.0.215: bg 0: block 248: padding at end of block bitmap is not set
[   45.757085][ T4079] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.215: Failed to acquire dquot type 1
[   45.770853][ T4075] loop3: detected capacity change from 0 to 8192
[   45.812188][ T4079] EXT4-fs (loop0): 1 truncate cleaned up
[   45.824476][ T4079] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   45.876906][ T4086] loop1: detected capacity change from 0 to 2048
[   45.898973][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.927601][ T4086] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.019914][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.034181][ T4091] loop4: detected capacity change from 0 to 256
[   46.179048][ T4099] loop9: detected capacity change from 0 to 7
[   46.194345][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.209203][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.217248][ T3295]  loop9: unable to read partition table
[   46.224220][ T4099] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.234568][ T4099] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.242596][ T4099]  loop9: unable to read partition table
[   46.244003][ T4105] loop4: detected capacity change from 0 to 128
[   46.249509][ T4099] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[   46.249509][ T4099] 
) failed (rc=-5)
[   46.269453][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.277641][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.294766][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.306873][ T4105] FAT-fs (loop4): Directory bread(block 162) failed
[   46.311502][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.322159][ T4105] FAT-fs (loop4): Directory bread(block 163) failed
[   46.325027][ T3295] Buffer I/O error on dev loop9, logical block 0, async page read
[   46.343419][ T4105] FAT-fs (loop4): Directory bread(block 164) failed
[   46.363200][ T4105] FAT-fs (loop4): Directory bread(block 165) failed
[   46.384497][ T4105] FAT-fs (loop4): Directory bread(block 166) failed
[   46.408176][ T4105] FAT-fs (loop4): Directory bread(block 167) failed
[   46.418125][ T4105] FAT-fs (loop4): Directory bread(block 168) failed
[   46.431464][ T4105] FAT-fs (loop4): Directory bread(block 169) failed
[   46.465319][ T4105] FAT-fs (loop4): Directory bread(block 162) failed
[   46.476267][ T4112] xt_connbytes: Forcing CT accounting to be enabled
[   46.477886][ T4105] FAT-fs (loop4): Directory bread(block 163) failed
[   46.483062][ T4112] set match dimension is over the limit!
[   46.635111][ T4119] loop3: detected capacity change from 0 to 2048
[   46.657742][ T4121] loop4: detected capacity change from 0 to 2048
[   46.678674][ T4119] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.705698][ T4123] loop1: detected capacity change from 0 to 1024
[   46.717119][ T4121] SELinux: security_context_str_to_sid (root) failed with errno=-22
[   46.725625][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.827767][ T4123] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   46.857261][ T4123] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.232: Allocating blocks 449-513 which overlap fs metadata
[   46.916914][ T4132] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[   46.919644][ T4122] EXT4-fs (loop1): pa ffff8881069751c0: logic 48, phys. 177, len 21
[   46.933500][ T4122] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   46.981157][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.000021][ T4138] loop4: detected capacity change from 0 to 128
[   47.029033][ T4138] FAT-fs (loop4): Directory bread(block 162) failed
[   47.035889][ T4138] FAT-fs (loop4): Directory bread(block 163) failed
[   47.054156][ T4142] set match dimension is over the limit!
[   47.060627][ T4138] FAT-fs (loop4): Directory bread(block 164) failed
[   47.088701][ T4138] FAT-fs (loop4): Directory bread(block 165) failed
[   47.095587][ T4138] FAT-fs (loop4): Directory bread(block 166) failed
[   47.102412][ T4138] FAT-fs (loop4): Directory bread(block 167) failed
[   47.110599][ T4138] FAT-fs (loop4): Directory bread(block 168) failed
[   47.117485][ T4138] FAT-fs (loop4): Directory bread(block 169) failed
[   47.127963][ T4135] FAT-fs (loop4): Directory bread(block 162) failed
[   47.150991][ T4135] FAT-fs (loop4): Directory bread(block 163) failed
[   47.290789][ T4152] loop0: detected capacity change from 0 to 512
[   47.311997][ T4152] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a843c02c, mo2=0102]
[   47.328695][ T4152] System zones: 1-12
[   47.333176][ T4152] EXT4-fs error (device loop0): ext4_xattr_inode_iget:442: comm syz.0.242: error while reading EA inode 32 err=-116
[   47.346178][ T4152] EXT4-fs (loop0): Remounting filesystem read-only
[   47.352810][ T4152] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   47.365851][ T4152] EXT4-fs warning (device loop0): ext4_evict_inode:257: couldn't mark inode dirty (err -30)
[   47.376157][ T4152] EXT4-fs (loop0): 1 orphan inode deleted
[   47.382504][ T4152] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.395246][ T4152] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.413003][ T4152] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   47.514219][ T4171] __nla_validate_parse: 6 callbacks suppressed
[   47.514239][ T4171] netlink: 44 bytes leftover after parsing attributes in process `syz.4.248'.
[   47.530170][ T4163] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[   47.648646][ T4176] loop1: detected capacity change from 0 to 256
[   47.664491][ T4181] loop4: detected capacity change from 0 to 1024
[   47.689523][ T4181] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.820475][ T4194] loop1: detected capacity change from 0 to 1024
[   47.858691][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   47.860256][ T4194] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   47.947777][ T4205] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=23 sclass=netlink_tcpdiag_socket pid=4205 comm=syz.4.258
[   47.960370][ T4201] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[   48.013554][ T4209] SELinux: syz.2.262 (4209) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[   48.038076][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.056446][   T29] kauditd_printk_skb: 470 callbacks suppressed
[   48.056465][   T29] audit: type=1400 audit(1753633978.133:1198): avc:  denied  { getopt } for  pid=4207 comm="syz.2.262" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   48.129567][   T29] audit: type=1400 audit(1753633978.143:1199): avc:  denied  { firmware_load } for  pid=4207 comm="syz.2.262" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[   48.129615][   T29] audit: type=1400 audit(1753633978.193:1200): avc:  denied  { ioctl } for  pid=4207 comm="syz.2.262" path="socket:[6809]" dev="sockfs" ino=6809 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   48.145120][   T29] audit: type=1326 audit(1753633978.223:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4212 comm="syz.4.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   48.185762][   T29] audit: type=1326 audit(1753633978.263:1202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4212 comm="syz.4.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   48.185811][   T29] audit: type=1326 audit(1753633978.263:1203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4212 comm="syz.4.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc540bde9e3 code=0x7ffc0000
[   48.185875][   T29] audit: type=1326 audit(1753633978.263:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4212 comm="syz.4.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc540bdd45f code=0x7ffc0000
[   48.216873][ T4220] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=35 sclass=netlink_tcpdiag_socket pid=4220 comm=syz.2.262
[   48.252531][   T29] audit: type=1326 audit(1753633978.333:1205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4212 comm="syz.4.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fc540bdea37 code=0x7ffc0000
[   48.254899][   T29] audit: type=1326 audit(1753633978.333:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4212 comm="syz.4.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc540bdd310 code=0x7ffc0000
[   48.254940][   T29] audit: type=1326 audit(1753633978.333:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4212 comm="syz.4.265" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc540bde5ab code=0x7ffc0000
[   48.282579][ T4214] loop4: detected capacity change from 0 to 256
[   48.333094][ T4223] loop1: detected capacity change from 0 to 512
[   48.605959][ T4229] loop0: detected capacity change from 0 to 1024
[   48.709982][ T4229] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.738426][ T4235] tmpfs: Cannot enable swap on remount if it was disabled on first mount
[   48.790575][ T4242] loop4: detected capacity change from 0 to 1024
[   48.849533][ T4242] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   48.882556][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.890895][ T4242] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.274: Allocating blocks 449-513 which overlap fs metadata
[   48.912817][ T4251] xt_connbytes: Forcing CT accounting to be enabled
[   48.920537][ T4251] set match dimension is over the limit!
[   48.934339][ T4241] EXT4-fs (loop4): pa ffff8881069e2150: logic 48, phys. 177, len 21
[   48.942508][ T4241] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   49.191609][ T4257] FAULT_INJECTION: forcing a failure.
[   49.191609][ T4257] name failslab, interval 1, probability 0, space 0, times 0
[   49.204378][ T4257] CPU: 1 UID: 0 PID: 4257 Comm: syz.1.279 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(voluntary) 
[   49.204409][ T4257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   49.204425][ T4257] Call Trace:
[   49.204434][ T4257]  <TASK>
[   49.204443][ T4257]  __dump_stack+0x1d/0x30
[   49.204470][ T4257]  dump_stack_lvl+0xe8/0x140
[   49.204491][ T4257]  dump_stack+0x15/0x1b
[   49.204537][ T4257]  should_fail_ex+0x265/0x280
[   49.204572][ T4257]  should_failslab+0x8c/0xb0
[   49.204593][ T4257]  kmem_cache_alloc_node_noprof+0x57/0x320
[   49.204619][ T4257]  ? __alloc_skb+0x101/0x320
[   49.204670][ T4257]  __alloc_skb+0x101/0x320
[   49.204707][ T4257]  netlink_alloc_large_skb+0xba/0xf0
[   49.204816][ T4257]  netlink_sendmsg+0x3cf/0x6b0
[   49.204844][ T4257]  ? __pfx_netlink_sendmsg+0x10/0x10
[   49.204863][ T4257]  __sock_sendmsg+0x142/0x180
[   49.204895][ T4257]  ____sys_sendmsg+0x31e/0x4e0
[   49.204998][ T4257]  ___sys_sendmsg+0x17b/0x1d0
[   49.205040][ T4257]  __x64_sys_sendmsg+0xd4/0x160
[   49.205117][ T4257]  x64_sys_call+0x2999/0x2fb0
[   49.205211][ T4257]  do_syscall_64+0xd2/0x200
[   49.205229][ T4257]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   49.205254][ T4257]  ? clear_bhb_loop+0x40/0x90
[   49.205275][ T4257]  ? clear_bhb_loop+0x40/0x90
[   49.205303][ T4257]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.205340][ T4257] RIP: 0033:0x7f263613e9a9
[   49.205357][ T4257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.205380][ T4257] RSP: 002b:00007f26347a7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   49.205404][ T4257] RAX: ffffffffffffffda RBX: 00007f2636365fa0 RCX: 00007f263613e9a9
[   49.205486][ T4257] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006
[   49.205559][ T4257] RBP: 00007f26347a7090 R08: 0000000000000000 R09: 0000000000000000
[   49.205574][ T4257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   49.205590][ T4257] R13: 0000000000000000 R14: 00007f2636365fa0 R15: 00007ffc7cab1648
[   49.205613][ T4257]  </TASK>
[   49.432142][ T3305] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.706011][ T4262] loop1: detected capacity change from 0 to 256
[   49.752105][ T4274] loop0: detected capacity change from 0 to 2048
[   49.813137][ T4274] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.876404][ T4281] loop2: detected capacity change from 0 to 1024
[   49.940570][ T3307] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.950811][ T4281] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   50.045358][ T4291] loop1: detected capacity change from 0 to 1024
[   50.068741][ T4291] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   50.069132][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.125028][ T4291] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4113: comm syz.1.293: Allocating blocks 449-513 which overlap fs metadata
[   50.145384][ T4290] EXT4-fs (loop1): pa ffff888106975230: logic 48, phys. 177, len 21
[   50.153600][ T4290] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   50.222924][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.243192][ T4305] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   50.251758][ T4305] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   50.323192][ T4304] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   50.331861][ T4304] netlink: 28 bytes leftover after parsing attributes in process `+}[@'.
[   50.480641][ T4318] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[   50.480641][ T4318]    program syz.0.303 not setting count and/or reply_len properly
[   50.509121][ T4314] loop2: detected capacity change from 0 to 256
[   50.580795][ T4318] SELinux: security_context_str_to_sid () failed with errno=-22
[   50.648990][ T4325] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[   50.648990][ T4325] The task syz.0.303 (4325) triggered the difference, watch for misbehavior.
[   50.675116][ T4324] loop2: detected capacity change from 0 to 1024
[   50.684520][ T4325] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4325 comm=syz.0.303
[   50.700445][ T4324] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   50.775585][ T3315] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   50.803738][ T4336] loop3: detected capacity change from 0 to 1024
[   50.842377][ T4342] FAULT_INJECTION: forcing a failure.
[   50.842377][ T4342] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   50.855554][ T4342] CPU: 1 UID: 0 PID: 4342 Comm: syz.2.312 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(voluntary) 
[   50.855589][ T4342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   50.855600][ T4342] Call Trace:
[   50.855607][ T4342]  <TASK>
[   50.855614][ T4342]  __dump_stack+0x1d/0x30
[   50.855720][ T4342]  dump_stack_lvl+0xe8/0x140
[   50.855744][ T4342]  dump_stack+0x15/0x1b
[   50.855760][ T4342]  should_fail_ex+0x265/0x280
[   50.855797][ T4342]  should_fail+0xb/0x20
[   50.855830][ T4342]  should_fail_usercopy+0x1a/0x20
[   50.855930][ T4342]  _copy_from_user+0x1c/0xb0
[   50.855950][ T4342]  do_handle_open+0x382/0x650
[   50.855991][ T4342]  __x64_sys_open_by_handle_at+0x44/0x50
[   50.856025][ T4342]  x64_sys_call+0xaa0/0x2fb0
[   50.856083][ T4342]  do_syscall_64+0xd2/0x200
[   50.856108][ T4342]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   50.856136][ T4342]  ? clear_bhb_loop+0x40/0x90
[   50.856230][ T4342]  ? clear_bhb_loop+0x40/0x90
[   50.856288][ T4342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.856366][ T4342] RIP: 0033:0x7f18ce81e9a9
[   50.856389][ T4342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.856484][ T4342] RSP: 002b:00007f18cce7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130
[   50.856508][ T4342] RAX: ffffffffffffffda RBX: 00007f18cea45fa0 RCX: 00007f18ce81e9a9
[   50.856524][ T4342] RDX: 0000000000088800 RSI: 0000200000000100 RDI: 0000000000000005
[   50.856536][ T4342] RBP: 00007f18cce7f090 R08: 0000000000000000 R09: 0000000000000000
[   50.856547][ T4342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.856557][ T4342] R13: 0000000000000000 R14: 00007f18cea45fa0 R15: 00007ffc3ed40198
[   50.856575][ T4342]  </TASK>
[   51.043363][ T4336] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   51.120145][ T4336] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.309: Allocating blocks 449-513 which overlap fs metadata
[   51.138761][ T4335] EXT4-fs (loop3): pa ffff8881069751c0: logic 48, phys. 177, len 21
[   51.146871][ T4335] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   51.193064][ T4355] loop1: detected capacity change from 0 to 256
[   51.277625][ T3311] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.426602][ T4377] loop1: detected capacity change from 0 to 1024
[   51.460816][ T4377] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   51.564832][ T3303] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.628870][ T4393] loop2: detected capacity change from 0 to 1024
[   51.681239][ T4393] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.330: Allocating blocks 449-513 which overlap fs metadata
[   51.757590][ T4392] EXT4-fs (loop2): pa ffff8881069752a0: logic 48, phys. 177, len 21
[   51.765758][ T4392] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   51.867328][ T4400] loop2: detected capacity change from 0 to 512
[   51.894762][ T4400] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.332: bg 0: block 5: invalid block bitmap
[   51.927062][ T4400] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6548: Corrupt filesystem
[   51.936158][ T4400] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #11: comm syz.2.332: invalid indirect mapped block 3 (level 2)
[   51.950296][ T4398] loop1: detected capacity change from 0 to 256
[   51.970965][ T4400] EXT4-fs (loop2): 2 truncates cleaned up
[   52.114754][ T4410] loop1: detected capacity change from 0 to 512
[   52.130022][ T4410] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.336: Failed to acquire dquot type 1
[   52.143732][ T4410] EXT4-fs (loop1): 1 truncate cleaned up
[   52.150236][ T4410] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   52.279845][ T4425] loop0: detected capacity change from 0 to 1024
[   52.321756][ T4423] loop2: detected capacity change from 0 to 1024
[   52.378164][ T4425] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.343: Allocating blocks 449-513 which overlap fs metadata
[   52.401381][ T4424] EXT4-fs (loop0): pa ffff8881069e2230: logic 48, phys. 177, len 21
[   52.409575][ T4424] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   52.447036][ T4429] loop4: detected capacity change from 0 to 256
[   52.513322][ T4439] ALSA: seq fatal error: cannot create timer (-19)
[   52.603352][ T4449] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   52.612666][ T4449] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   52.624167][ T4450] loop3: detected capacity change from 0 to 512
[   52.659267][ T4450] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22
[   52.876046][ T4461] loop4: detected capacity change from 0 to 1024
[   53.185240][ T4473] loop0: detected capacity change from 0 to 1024
[   53.232479][ T4473] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.359: Allocating blocks 449-513 which overlap fs metadata
[   53.263888][ T4472] EXT4-fs (loop0): pa ffff888106975230: logic 48, phys. 177, len 21
[   53.272078][ T4472] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   53.285579][   T29] kauditd_printk_skb: 412 callbacks suppressed
[   53.285645][   T29] audit: type=1326 audit(1753633983.363:1618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4477 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   53.367762][   T29] audit: type=1326 audit(1753633983.403:1619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4477 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   53.391285][   T29] audit: type=1326 audit(1753633983.403:1620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4477 comm="syz.4.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   53.427375][   T29] audit: type=1326 audit(1753633983.503:1621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4479 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   53.468705][ T4481] loop4: detected capacity change from 0 to 256
[   53.481874][   T29] audit: type=1326 audit(1753633983.533:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4479 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc540bde9a9 code=0x7ffc0000
[   53.505394][   T29] audit: type=1326 audit(1753633983.533:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4479 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc540bde9e3 code=0x7ffc0000
[   53.528593][   T29] audit: type=1326 audit(1753633983.543:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4479 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc540bdd45f code=0x7ffc0000
[   53.551878][   T29] audit: type=1326 audit(1753633983.543:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4479 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fc540bdea37 code=0x7ffc0000
[   53.575378][   T29] audit: type=1326 audit(1753633983.543:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4479 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc540bdd310 code=0x7ffc0000
[   53.598834][   T29] audit: type=1326 audit(1753633983.553:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4479 comm="syz.4.362" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc540bde5ab code=0x7ffc0000
[   53.718279][ T2994] udevd[2994]: worker [3295] terminated by signal 33 (Unknown signal 33)
[   53.732246][ T2994] udevd[2994]: worker [3295] failed while handling '/devices/virtual/block/loop4'
[   53.799516][ T4499] loop0: detected capacity change from 0 to 1024
[   53.810466][ T4501] loop3: detected capacity change from 0 to 512
[   53.825007][ T4501] EXT4-fs (loop3): Invalid log cluster size: 31
[   53.853141][ T4501] loop3: detected capacity change from 0 to 512
[   53.892127][ T4501] EXT4-fs (loop3): Invalid log cluster size: 31
[   53.969379][ T4508] loop3: detected capacity change from 0 to 1024
[   54.028939][ T4515] FAULT_INJECTION: forcing a failure.
[   54.028939][ T4515] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   54.042097][ T4515] CPU: 0 UID: 0 PID: 4515 Comm: syz.4.374 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(voluntary) 
[   54.042134][ T4515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   54.042171][ T4515] Call Trace:
[   54.042179][ T4515]  <TASK>
[   54.042189][ T4515]  __dump_stack+0x1d/0x30
[   54.042213][ T4515]  dump_stack_lvl+0xe8/0x140
[   54.042233][ T4515]  dump_stack+0x15/0x1b
[   54.042252][ T4515]  should_fail_ex+0x265/0x280
[   54.042348][ T4515]  should_fail+0xb/0x20
[   54.042380][ T4515]  should_fail_usercopy+0x1a/0x20
[   54.042450][ T4515]  _copy_to_user+0x20/0xa0
[   54.042476][ T4515]  simple_read_from_buffer+0xb5/0x130
[   54.042559][ T4515]  proc_fail_nth_read+0x100/0x140
[   54.042598][ T4515]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   54.042648][ T4515]  vfs_read+0x1a0/0x6f0
[   54.042678][ T4515]  ? putname+0xda/0x100
[   54.042696][ T4515]  ? __rcu_read_unlock+0x4f/0x70
[   54.042779][ T4515]  ? __fget_files+0x184/0x1c0
[   54.042804][ T4515]  ksys_read+0xda/0x1a0
[   54.042911][ T4515]  __x64_sys_read+0x40/0x50
[   54.042946][ T4515]  x64_sys_call+0x2d77/0x2fb0
[   54.043003][ T4515]  do_syscall_64+0xd2/0x200
[   54.043027][ T4515]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   54.043108][ T4515]  ? clear_bhb_loop+0x40/0x90
[   54.043128][ T4515]  ? clear_bhb_loop+0x40/0x90
[   54.043223][ T4515]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.043250][ T4515] RIP: 0033:0x7fc540bdd3bc
[   54.043336][ T4515] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   54.043359][ T4515] RSP: 002b:00007fc53f247030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   54.043383][ T4515] RAX: ffffffffffffffda RBX: 00007fc540e05fa0 RCX: 00007fc540bdd3bc
[   54.043394][ T4515] RDX: 000000000000000f RSI: 00007fc53f2470a0 RDI: 0000000000000004
[   54.043406][ T4515] RBP: 00007fc53f247090 R08: 0000000000000000 R09: 0000000000000000
[   54.043417][ T4515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   54.043510][ T4515] R13: 0000000000000000 R14: 00007fc540e05fa0 R15: 00007fff34885598
[   54.043534][ T4515]  </TASK>
[   54.074323][ T4508] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.372: Allocating blocks 449-513 which overlap fs metadata
[   54.272385][ T4507] EXT4-fs (loop3): pa ffff8881069752a0: logic 48, phys. 177, len 21
[   54.280728][ T4507] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   54.381582][ T4522] loop4: detected capacity change from 0 to 256
[   54.411928][ T4527] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.468264][ T4527] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.518742][ T4527] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.585705][ T4527] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   54.685990][ T4527] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   54.722661][ T4527] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   54.754235][ T4527] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   54.758185][ T4545] loop4: detected capacity change from 0 to 1024
[   54.785843][ T4527] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   54.847943][ T4547] loop2: detected capacity change from 0 to 8192
[   54.888461][ T4545] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:4113: comm syz.4.387: Allocating blocks 449-513 which overlap fs metadata
[   54.916508][ T4544] EXT4-fs (loop4): pa ffff8881069e21c0: logic 48, phys. 177, len 21
[   54.924598][ T4544] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   54.939492][ T4547] Driver unsupported XDP return value 0 on prog  (id 384) dev N/A, expect packet loss!
[   55.027437][ T4555] loop3: detected capacity change from 0 to 256
[   55.091941][ T4563] loop4: detected capacity change from 0 to 1024
[   55.311114][ T4573] loop4: detected capacity change from 0 to 2048
[   55.485145][ T4586] loop0: detected capacity change from 0 to 1024
[   55.528498][ T4586] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.403: Allocating blocks 449-513 which overlap fs metadata
[   55.545416][ T4585] EXT4-fs (loop0): pa ffff8881069e22a0: logic 48, phys. 177, len 21
[   55.553557][ T4585] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   55.848656][ T4607] loop0: detected capacity change from 0 to 1024
[   55.894355][ T4613] FAULT_INJECTION: forcing a failure.
[   55.894355][ T4613] name failslab, interval 1, probability 0, space 0, times 0
[   55.907234][ T4613] CPU: 0 UID: 0 PID: 4613 Comm: syz.2.413 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(voluntary) 
[   55.907288][ T4613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   55.907300][ T4613] Call Trace:
[   55.907307][ T4613]  <TASK>
[   55.907315][ T4613]  __dump_stack+0x1d/0x30
[   55.907336][ T4613]  dump_stack_lvl+0xe8/0x140
[   55.907356][ T4613]  dump_stack+0x15/0x1b
[   55.907372][ T4613]  should_fail_ex+0x265/0x280
[   55.907440][ T4613]  should_failslab+0x8c/0xb0
[   55.907561][ T4613]  __kmalloc_node_noprof+0xa9/0x410
[   55.907588][ T4613]  ? qdisc_alloc+0x65/0x440
[   55.907636][ T4613]  qdisc_alloc+0x65/0x440
[   55.907711][ T4613]  ? nla_strcmp+0xc3/0xe0
[   55.907730][ T4613]  qdisc_create+0xf5/0x9e0
[   55.907800][ T4613]  tc_modify_qdisc+0xf2e/0x1420
[   55.907835][ T4613]  ? __pfx_tc_modify_qdisc+0x10/0x10
[   55.907924][ T4613]  rtnetlink_rcv_msg+0x65a/0x6d0
[   55.907952][ T4613]  netlink_rcv_skb+0x123/0x220
[   55.907986][ T4613]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[   55.908085][ T4613]  rtnetlink_rcv+0x1c/0x30
[   55.908112][ T4613]  netlink_unicast+0x5a8/0x680
[   55.908146][ T4613]  netlink_sendmsg+0x58b/0x6b0
[   55.908218][ T4613]  ? __pfx_netlink_sendmsg+0x10/0x10
[   55.908239][ T4613]  __sock_sendmsg+0x142/0x180
[   55.908265][ T4613]  ____sys_sendmsg+0x31e/0x4e0
[   55.908287][ T4613]  ___sys_sendmsg+0x17b/0x1d0
[   55.908338][ T4613]  __x64_sys_sendmsg+0xd4/0x160
[   55.908362][ T4613]  x64_sys_call+0x2999/0x2fb0
[   55.908384][ T4613]  do_syscall_64+0xd2/0x200
[   55.908402][ T4613]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   55.908536][ T4613]  ? clear_bhb_loop+0x40/0x90
[   55.908557][ T4613]  ? clear_bhb_loop+0x40/0x90
[   55.908579][ T4613]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.908600][ T4613] RIP: 0033:0x7f18ce81e9a9
[   55.908615][ T4613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.908708][ T4613] RSP: 002b:00007f18cce7f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   55.908726][ T4613] RAX: ffffffffffffffda RBX: 00007f18cea45fa0 RCX: 00007f18ce81e9a9
[   55.908738][ T4613] RDX: 0000000020000000 RSI: 0000200000000200 RDI: 0000000000000004
[   55.908750][ T4613] RBP: 00007f18cce7f090 R08: 0000000000000000 R09: 0000000000000000
[   55.908786][ T4613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.908798][ T4613] R13: 0000000000000000 R14: 00007f18cea45fa0 R15: 00007ffc3ed40198
[   55.908818][ T4613]  </TASK>
[   56.205368][ T4620] loop2: detected capacity change from 0 to 1024
[   56.280340][ T4620] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.416: Allocating blocks 449-513 which overlap fs metadata
[   56.291797][ T4626] loop3: detected capacity change from 0 to 8192
[   56.302797][ T4626] netlink: 48 bytes leftover after parsing attributes in process `syz.3.418'.
[   56.350323][ T4618] EXT4-fs (loop2): pa ffff888106975230: logic 48, phys. 177, len 21
[   56.358442][ T4618] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   56.502191][ T4645] netlink: 20 bytes leftover after parsing attributes in process `syz.2.425'.
[   56.585637][ T4652] loop2: detected capacity change from 0 to 1024
[   56.597778][ T4652] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   56.608746][ T4652] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   56.632588][ T4652] JBD2: no valid journal superblock found
[   56.638432][ T4652] EXT4-fs (loop2): Could not load journal inode
[   56.648463][ T4652] netlink: 642 bytes leftover after parsing attributes in process `syz.2.427'.
[   56.771475][ T4665] loop0: detected capacity change from 0 to 1024
[   56.811362][ T4665] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.433: Allocating blocks 449-513 which overlap fs metadata
[   56.827742][ T4664] EXT4-fs (loop0): pa ffff8881069e2230: logic 48, phys. 177, len 21
[   56.835924][ T4664] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   56.871066][ T4671] loop0: detected capacity change from 0 to 512
[   56.882011][ T4671] EXT4-fs (loop0): can't mount with data_err=abort, fs mounted w/o journal
[   56.936100][ T4663] bond0: (slave veth0_to_hsr): Error: Device can not be enslaved while up
[   57.284808][ T4688] loop4: detected capacity change from 0 to 1024
[   57.305720][ T4690] FAULT_INJECTION: forcing a failure.
[   57.305720][ T4690] name failslab, interval 1, probability 0, space 0, times 0
[   57.318484][ T4690] CPU: 0 UID: 0 PID: 4690 Comm: syz.3.440 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(voluntary) 
[   57.318520][ T4690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   57.318536][ T4690] Call Trace:
[   57.318599][ T4690]  <TASK>
[   57.318609][ T4690]  __dump_stack+0x1d/0x30
[   57.318630][ T4690]  dump_stack_lvl+0xe8/0x140
[   57.318648][ T4690]  dump_stack+0x15/0x1b
[   57.318664][ T4690]  should_fail_ex+0x265/0x280
[   57.318697][ T4690]  should_failslab+0x8c/0xb0
[   57.318740][ T4690]  kmem_cache_alloc_noprof+0x50/0x310
[   57.318839][ T4690]  ? skb_clone+0x151/0x1f0
[   57.318868][ T4690]  skb_clone+0x151/0x1f0
[   57.318886][ T4690]  __netlink_deliver_tap+0x2c9/0x500
[   57.318913][ T4690]  netlink_unicast+0x653/0x680
[   57.318983][ T4690]  netlink_sendmsg+0x58b/0x6b0
[   57.319020][ T4690]  ? __pfx_netlink_sendmsg+0x10/0x10
[   57.319047][ T4690]  __sock_sendmsg+0x142/0x180
[   57.319152][ T4690]  ____sys_sendmsg+0x31e/0x4e0
[   57.319182][ T4690]  ___sys_sendmsg+0x17b/0x1d0
[   57.319222][ T4690]  __x64_sys_sendmsg+0xd4/0x160
[   57.319326][ T4690]  x64_sys_call+0x2999/0x2fb0
[   57.319461][ T4690]  do_syscall_64+0xd2/0x200
[   57.319485][ T4690]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   57.319597][ T4690]  ? clear_bhb_loop+0x40/0x90
[   57.319626][ T4690]  ? clear_bhb_loop+0x40/0x90
[   57.319654][ T4690]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.319701][ T4690] RIP: 0033:0x7f31eca2e9a9
[   57.319720][ T4690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   57.319743][ T4690] RSP: 002b:00007f31eb097038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   57.319825][ T4690] RAX: ffffffffffffffda RBX: 00007f31ecc55fa0 RCX: 00007f31eca2e9a9
[   57.319838][ T4690] RDX: 0000000000000040 RSI: 0000200000000040 RDI: 0000000000000003
[   57.319849][ T4690] RBP: 00007f31eb097090 R08: 0000000000000000 R09: 0000000000000000
[   57.319861][ T4690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   57.319876][ T4690] R13: 0000000000000000 R14: 00007f31ecc55fa0 R15: 00007ffc5041d638
[   57.319979][ T4690]  </TASK>
[   57.641433][ T4703] loop2: detected capacity change from 0 to 1024
[   57.741279][ T4703] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.445: Allocating blocks 449-513 which overlap fs metadata
[   57.790738][ T4702] EXT4-fs (loop2): pa ffff8881069e2310: logic 48, phys. 177, len 21
[   57.798942][ T4702] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   58.053080][ T4741] loop0: detected capacity change from 0 to 1024
[   58.146603][ T4750] netlink: 132 bytes leftover after parsing attributes in process `syz.2.463'.
[   58.155813][ T4750] Zero length message leads to an empty skb
[   58.182693][ T4753] loop2: detected capacity change from 0 to 1024
[   58.213258][ T4753] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.464: Allocating blocks 449-513 which overlap fs metadata
[   58.229097][ T4752] EXT4-fs (loop2): pa ffff8881069e2230: logic 48, phys. 177, len 21
[   58.237203][ T4752] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   58.270416][ T4757] FAULT_INJECTION: forcing a failure.
[   58.270416][ T4757] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   58.283632][ T4757] CPU: 0 UID: 0 PID: 4757 Comm: syz.2.465 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(voluntary) 
[   58.283664][ T4757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   58.283680][ T4757] Call Trace:
[   58.283688][ T4757]  <TASK>
[   58.283697][ T4757]  __dump_stack+0x1d/0x30
[   58.283783][ T4757]  dump_stack_lvl+0xe8/0x140
[   58.283800][ T4757]  dump_stack+0x15/0x1b
[   58.283820][ T4757]  should_fail_ex+0x265/0x280
[   58.283874][ T4757]  should_fail+0xb/0x20
[   58.283898][ T4757]  should_fail_usercopy+0x1a/0x20
[   58.283925][ T4757]  _copy_from_user+0x1c/0xb0
[   58.283976][ T4757]  __copy_msghdr+0x244/0x300
[   58.284006][ T4757]  ___sys_sendmsg+0x109/0x1d0
[   58.284041][ T4757]  __sys_sendmmsg+0x178/0x300
[   58.284067][ T4757]  __x64_sys_sendmmsg+0x57/0x70
[   58.284084][ T4757]  x64_sys_call+0x2f2f/0x2fb0
[   58.284164][ T4757]  do_syscall_64+0xd2/0x200
[   58.284195][ T4757]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   58.284219][ T4757]  ? clear_bhb_loop+0x40/0x90
[   58.284304][ T4757]  ? clear_bhb_loop+0x40/0x90
[   58.284323][ T4757]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   58.284341][ T4757] RIP: 0033:0x7f18ce81e9a9
[   58.284354][ T4757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   58.284427][ T4757] RSP: 002b:00007f18cce7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   58.284443][ T4757] RAX: ffffffffffffffda RBX: 00007f18cea45fa0 RCX: 00007f18ce81e9a9
[   58.284461][ T4757] RDX: 0000000000000001 RSI: 0000200000000440 RDI: 0000000000000012
[   58.284472][ T4757] RBP: 00007f18cce7f090 R08: 0000000000000000 R09: 0000000000000000
[   58.284513][ T4757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   58.284523][ T4757] R13: 0000000000000000 R14: 00007f18cea45fa0 R15: 00007ffc3ed40198
[   58.284540][ T4757]  </TASK>
[   58.502664][   T29] kauditd_printk_skb: 405 callbacks suppressed
[   58.502681][   T29] audit: type=1400 audit(1753633988.583:2033): avc:  denied  { create } for  pid=4760 comm="syz.2.467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   58.529112][   T29] audit: type=1400 audit(1753633988.583:2034): avc:  denied  { setopt } for  pid=4760 comm="syz.2.467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   58.607984][   T29] audit: type=1400 audit(1753633988.693:2035): avc:  denied  { write } for  pid=4760 comm="syz.2.467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   58.666494][   T29] audit: type=1400 audit(1753633988.743:2036): avc:  denied  { read } for  pid=4760 comm="syz.2.467" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   58.756625][   T29] audit: type=1326 audit(1753633988.813:2037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4767 comm="syz.1.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f263613e9a9 code=0x7ffc0000
[   58.810121][   T29] audit: type=1326 audit(1753633988.893:2038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4767 comm="syz.1.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f263613e9a9 code=0x7ffc0000
[   58.903604][   T29] audit: type=1326 audit(1753633988.923:2039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4767 comm="syz.1.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f263613e9a9 code=0x7ffc0000
[   58.927125][   T29] audit: type=1326 audit(1753633988.923:2040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4767 comm="syz.1.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f263613e9a9 code=0x7ffc0000
[   58.950645][   T29] audit: type=1326 audit(1753633988.923:2041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4767 comm="syz.1.470" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f263613e9a9 code=0x7ffc0000
[   58.974017][   T29] audit: type=1326 audit(1753633988.933:2042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4772 comm="syz.3.473" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f31eca2e9a9 code=0x7ffc0000
[   59.006351][ T4780] loop3: detected capacity change from 0 to 1024
[   59.046719][ T4786] netlink: 12 bytes leftover after parsing attributes in process `syz.0.476'.
[   59.068166][ T4786] 8021q: adding VLAN 0 to HW filter on device bond1
[   59.090457][ T4786] vlan2: entered allmulticast mode
[   59.095680][ T4786] bond1: entered allmulticast mode
[   59.131188][ T4798] SELinux:  policydb version 1675088414 does not match my version range 15-34
[   59.142364][ T4780] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4113: comm syz.3.475: Allocating blocks 449-513 which overlap fs metadata
[   59.144773][ T4798] SELinux: failed to load policy
[   59.162366][ T4778] EXT4-fs (loop3): pa ffff8881069e2310: logic 48, phys. 177, len 21
[   59.163986][ T4798] netlink: 'syz.0.476': attribute type 21 has an invalid length.
[   59.170583][ T4778] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   59.212216][ T4798] netlink: 132 bytes leftover after parsing attributes in process `syz.0.476'.
[   59.221326][ T4798] netlink: 20 bytes leftover after parsing attributes in process `syz.0.476'.
[   59.276444][   T12] ==================================================================
[   59.284704][   T12] BUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release
[   59.292753][   T12] 
[   59.295106][   T12] write to 0xffff88810359c8a0 of 8 bytes by task 4794 on cpu 1:
[   59.302786][   T12]  sk_common_release+0xae/0x220
[   59.307699][   T12]  udp_lib_close+0x15/0x20
[   59.312139][   T12]  inet_release+0xcb/0xf0
[   59.316502][   T12]  inet6_release+0x3e/0x60
[   59.320942][   T12]  sock_close+0x6b/0x150
[   59.325555][   T12]  __fput+0x298/0x650
[   59.329578][   T12]  ____fput+0x1c/0x30
[   59.333593][   T12]  task_work_run+0x12e/0x1a0
[   59.338211][   T12]  get_signal+0xe13/0xf70
[   59.342570][   T12]  arch_do_signal_or_restart+0x96/0x480
[   59.348138][   T12]  exit_to_user_mode_loop+0x7a/0x100
[   59.353455][   T12]  do_syscall_64+0x1d6/0x200
[   59.358071][   T12]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.363991][   T12] 
[   59.366328][   T12] read to 0xffff88810359c8a0 of 8 bytes by task 12 on cpu 0:
[   59.373720][   T12]  l2tp_tunnel_del_work+0x2f/0x1a0
[   59.378869][   T12]  process_scheduled_works+0x4cb/0x9d0
[   59.384362][   T12]  worker_thread+0x582/0x770
[   59.388987][   T12]  kthread+0x486/0x510
[   59.393079][   T12]  ret_from_fork+0xda/0x150
[   59.397610][   T12]  ret_from_fork_asm+0x1a/0x30
[   59.402406][   T12] 
[   59.404743][   T12] value changed: 0xffff888106b69380 -> 0x0000000000000000
[   59.411867][   T12] 
[   59.414202][   T12] Reported by Kernel Concurrency Sanitizer on:
[   59.420369][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(voluntary) 
[   59.432806][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   59.442970][   T12] Workqueue: l2tp l2tp_tunnel_del_work
[   59.448468][   T12] ==================================================================