last executing test programs:

1.445184698s ago: executing program 4 (id=282):
r0 = socket(0x40000000015, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r0, 0x89e0, &(0x7f0000000240)={r0})
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000040)={0x2, 0x5, 0x9})

1.34639993s ago: executing program 1 (id=285):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@block_validity}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000380)=[{0x200000000006, 0x1, 0x7, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x18)
getrusage(0x1, 0x0)

1.34617345s ago: executing program 4 (id=286):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000030400000000fcffecff00000400", @ANYRES32=0x0, @ANYBLOB="61040100000000002400128009000100626f6e64000000001400028008000f0009"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x44004)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x80049367, &(0x7f0000000040))

1.226649291s ago: executing program 1 (id=290):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1}})
ioctl$SNDRV_TIMER_IOCTL_STOP(r0, 0x54a1)
socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0xcd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x800000000000}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
mmap$perf(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x11, r1, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = socket(0x2a, 0x2, 0x0)
getsockname$packet(r4, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)=@getchain={0x3c, 0x66, 0x1, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x6, 0x9}, {0x3, 0x6}, {0x3, 0xffff}}, [{0x8, 0xb, 0x8001}, {0x8}, {0x8, 0xb, 0xfffffff9}]}, 0x3c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x29a83a768e447add)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd2d, 0x20000000, {0x0, 0x0, 0x0, r5, {0x5, 0x2}, {}, {0x5, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x0, 0x1}}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0x2)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000003c0)=0x3)
ioctl$TIOCVHANGUP(r3, 0x5437, 0x2)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, &(0x7f00000002c0)=0x10)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r2, 0x84, 0x83, &(0x7f0000000000)=@assoc_value, &(0x7f00000004c0)=0x27)
perf_event_open(&(0x7f0000000040)={0x6, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x307, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x7, 0x4, 0x400008, 0x8000, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0x0, r1, 0x3)
pipe2(&(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff}, 0x0)
r9 = socket$inet(0xa, 0x801, 0x84)
sendmsg$can_j1939(r7, 0x0, 0x0)
listen(r9, 0x8)
accept4(r9, 0x0, 0x0, 0x0)
splice(0xffffffffffffffff, 0x0, r8, 0x0, 0x1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)

1.169136722s ago: executing program 4 (id=292):
r0 = perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x67a, 0x1, 0xfffffffe, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x15, 0x2, &(0x7f0000000100)=@raw=[@ldst={0x1, 0x0, 0x4, 0x0, 0x1, 0x20}, @jmp={0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2000000}], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

1.139669133s ago: executing program 0 (id=294):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001680)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffc01, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001c80)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x62, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
r1 = io_uring_setup(0x758a, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x3b6})
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue0\x00'})
socket$qrtr(0x2a, 0x2, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1.097093093s ago: executing program 4 (id=295):
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000300)={0x0, 0xef, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b40000001000090400ef00000000000000002200", @ANYRES32=0x0, @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x8004)

1.096643553s ago: executing program 0 (id=296):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r2 = socket$kcm(0xa, 0x1, 0x106)
r3 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4)
r4 = getpid()
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), r3)
sendmsg$DEVLINK_CMD_RELOAD(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r6, 0x1, 0x70bd26, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r4}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040010}, 0x0)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r3, 0x10e, 0x4, &(0x7f0000000640)=0x1800, 0x4)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000013000000850000008600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r8}, 0x18)
sendmsg$kcm(r2, &(0x7f00000019c0)={&(0x7f0000000080)=@l2tp6={0xa, 0x0, 0x0, @dev, 0x5}, 0x80, 0x0}, 0x24004059)
close(r2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000f40)=ANY=[@ANYBLOB="4000000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff00000000180012800e0001007769726567756172640000000400028008000a00bc"], 0x40}}, 0x0)

1.020031705s ago: executing program 4 (id=299):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="900000000b0601040000000000000000050000082c0001"], 0x90}, 0x1, 0x0, 0x0, 0x20000000}, 0x10800)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000340)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r2}, 0x10)
sendto$inet6(r1, &(0x7f0000001600)="a4a3a975408411aaad6856a7d45edb1e771dd3f9cfc032b8f5cee912573cd9a5d0979996cc90fc7a53e80eed4858df9d53201419a0dad0bf21d92b85d4d1a5bcc3ad9fd5db1dfcbd6b9ca14a6735ab903204365abad93186c18b5f6aa28a1bba7112e17d15e8868286c4c425f92224604f45ca877495aebaa80d1c342e089e1829b91f75cf63a72c51f2de300d9fc0a3d5ecd3f6327958d37f934dfce0a6e654a6c86592d5f8e4cdd6ff64e79a08340101022077e6812e352d96d6c39e264d", 0xbf, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="00000000010000007f4e980d0000000000000000", @ANYRESDEC, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001740)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$key(0xf, 0x3, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000001700)=0x4)
syz_clone3(&(0x7f0000000680)={0x2080, &(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000200), {0x34}, &(0x7f0000000540)=""/132, 0x84, &(0x7f00000014c0)=""/69, &(0x7f00000008c0)=[0x0, 0x0, 0x0], 0x3}, 0x58)
r3 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_timedsend(r3, 0x0, 0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{r4}, &(0x7f00000000c0), &(0x7f0000000140)='%pi6   \x00'}, 0x20)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
r5 = inotify_init1(0x0)
inotify_add_watch(r5, &(0x7f0000000400)='.\x00', 0xa4000021)
close(r5)

740.578239ms ago: executing program 3 (id=302):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, 0x0, 0x0, 0x0, 0xfffffffffffffe01, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r1, 0x0, 0x0)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000001000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f00000007c0)=ANY=[@ANYRES16=r2, @ANYRES16=r0, @ANYBLOB="37044a5b6a60f5b0530048e0ed710fc551b361d400a8eb82c14643b09ad3e76bf22ddf7279f317726e35cb48b8a9c6c07543cb51907618e0bddf46e19036515af2810b061f568b71a0328c09d54089be36c64543ae1b39f9f6203eae12e263f2a98af89a5d6de14254bb3967505db902d80d519caf6e2f", @ANYRES8=0x0], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vxcan0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vxcan0\x00'})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000440)={'ip6gre0\x00', &(0x7f0000000180)={'syztnl2\x00', 0x0, 0x0, 0x8, 0x80, 0x2, 0x24, @ipv4={'\x00', '\xff\xff', @loopback}, @loopback, 0x40, 0x700, 0x200, 0x1000}})
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r1, &(0x7f0000000640)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="040027bd69aad50a7d250a000000"], 0x14}, 0x1, 0x0, 0x0, 0x20}, 0x4000000) (async)
sendmsg$MPTCP_PM_CMD_SUBFLOW_CREATE(r1, &(0x7f0000000640)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="040027bd69aad50a7d250a000000"], 0x14}, 0x1, 0x0, 0x0, 0x20}, 0x4000000)
syz_emit_ethernet(0x5c, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0008004500004e00000000e9879078000000000000000000000001003a907842090000000000009cc18437269182954156db8db1d7014fa662d8c2ac0cdacd59074a6b7fad6491599eab1b79e8fb43bc17"], 0x0)
getsockname$packet(r1, 0x0, 0x0)
sendmsg$nl_route(r1, 0x0, 0x4040)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)) (async)
socketpair(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'ip6_vti0\x00', 0x200})
perf_event_open(&(0x7f00000001c0)={0x0, 0x80, 0x63, 0x2, 0x0, 0x0, 0x0, 0x0, 0x37a05, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x4, @perf_config_ext={0x500}, 0x1075, 0x4, 0x0, 0x0, 0xffffffffffffbbfe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1c0000000000000}, 0x0, 0x1, 0xffffffffffffffff, 0x1)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd77, 0x4, @perf_config_ext, 0x0, 0xc8, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) (async)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r6=>0xffffffffffffffff})
close(r6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) (async)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x89f1, &(0x7f0000000080))
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r4}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r4}, 0x10)

701.020679ms ago: executing program 4 (id=303):
gettid()
r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x80000)
readv(r0, &(0x7f0000002940)=[{&(0x7f00000000c0)=""/121, 0x80}, {0x0}], 0x20000000000000d6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000bc0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYRESOCT=r0], &(0x7f0000000040)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xb8af, @void, @value}, 0x94)

697.344559ms ago: executing program 2 (id=304):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket(0x840000000002, 0x3, 0xff)
setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10)
sendmmsg$inet(r3, &(0x7f0000000440)=[{{&(0x7f00000003c0)={0x2, 0x1, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5c064c6", 0x15}, {&(0x7f00000002c0)="174640b6d80fb2eedc81ba60ccbb9d", 0xf}], 0x2}}, {{&(0x7f00000004c0)={0x2, 0x4e20, @multicast1}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000340)="5825be57aff9352b356be67ca2746357d1787935", 0x14}], 0x1}}], 0x2, 0x840)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000ac0)=ANY=[@ANYBLOB="75746638006d61703d6f983c756661703d6e6f726d616c2c6909000000f2ff00003dda5de4d586f0df206d65656b416d6f64653d3078303030303010303071303030303030302c73657373696f6e3d307830faffffff30303030303030f4e4b4f82c6d61736b3d4d4159574b50be30c8486470722677b93165cfe6f62127553b2017754598752d977369672c7063723d303030303030303030303030303030303030332c64566e745f6d6561737572652c00000000000000006bbf4d6406b59dbc529c00000000000000fada265ab14119997600a2299d2c35a2efc1bf037787a0d801f26d335ef2ba9ac2423a358ccbb776b21e1d3b", @ANYRESDEC=0x0, @ANYRESHEX], 0xfe, 0x677, &(0x7f0000000c00)="$eJzs3UtvG9fdx/HfUNT1AYwHbREYhmOd2A0goy5NUrECwV2UHQ6lSUkOMUMV0ipwYykwTDmt7QK1Nqk2vQDtG+gumyz6Igp0nXXfQJcFgnZXoBsWc+NFnBFp3ew234+Q8HDOf+b85+I5GpFzRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJZdL5crlppue2fX5LPrvtc6pT5e2rzuxoW7U9uVrPA/LS3pejzp+neG1e+E/7utm/G7m1oKX5Z09H/v/P/DbxcL6fynJHQWet0Fvnh19PRRr7f//Gyt9a2zzHcpJjJRYYa5tpy2G3huq7blGDfwzObGRvn+diMwDbfpBHtB12kZ23cKXc83a/ZdU9ncXDdOac/baW/Va00nnfjh96vl8ob5aDHZ/fc/KgX2tttsuu2tKCasDmMWB0eIU2sZc/Ckt78+LckwqDJLUHVaULVcrVYq1Wpl48Hmgw/L5eLEhPIJmogYHrRvz87HVbqgMzdwfoWw//+bJTW1pLZ2tCuT+WOrLl+eWjn1ibT/f/++c2q7o/1/2stfH1bfUNT/34rf3crr/3NyMTLRDFk1Vs70s/280Csd6akeqaee9vX8Ypa7enEZXu7PllSUXAXy5KqlmrbkyCRTjDa1oQ2V9bG21VAgo4ZcNeUo0J4CdeWoFe0TX45q6sqTL6M12boro4o2tal1GTkqaU+edtTWluqq6V/9fv9AT6Ltvn5KjkqDKrMEFQfH4GRQXv//08/jOV6v/8f/nsGxM0MM8Mb1k+v/fHNZE1cvLyMAAAAAAHDRrOiv71b02f27kvpquE2n/KbTAgAAAAAAFyj65P9m+DIflt6VlXP937/63AAAAAAAwMWwonvsLEkr0Zf6reGdULN8CSDz5gAAAAAAAPB2iT7/v7Ug9aOh1VZlvdb1PwAAAAAA+C/w25Ex9ovpGLv99GP9gqSgs2j9+R+L8uet487ud63DWlhTO0xiJr4B0G3csIqKB+qNxutdkBS9s52bVjI+cDIIphUP7Ct9fTBtrH/LP5HAwlz654uMBK4djSSwUUze6fd6L455L2n38VFBUU3cykrDbTol22s+rKhWu1boOrvdXzx78kvJH6znwZPefumTz3qPo1yOw0nHh2Een4+lU5iWy8tovIXonousNV5WI23yd+3WihW1W07Xf061w8JoQ7Ot/691O465vRK/rhyle0DWr5JCpRTtsuHaR6NDWMMsKifXPGtH5GSxFGVxJ465s3Ynfknzi/fC0vfmpGppch/4o1lUR7OYvi2sf05siylZhMfCepjFX8IF5WSx/npZTOwRAHhTDoa9UDSI+eQY+yf73Yyz3HLymnuWm967/3C8lZd/7Mc3HM5JRfUXk+6ln9+vKDyjr8VhC/Eo7sUbGWf0ctKvLCnnjF4+R+8WtvWn4TOQkqfVJDXFQRb/7vf7DytRu3840at+Ec7wRW67QbM6F27C+y8PfxYNgB/6dP/T/WfV6vpG+YNy+UFV89FqJC/0PQCADNOfsTMesTTszwZ99weDq+rHf38/Lo31u98afKWgpE/0mXp6rHvpIwRWs9tdGfkawr3Jq9YwNvqtYzy2onu5V3VRXzoSWx3EziudZfz3hWHs+mXvBgAArtTtKf3wyf4/69r9XnrdvXYj87p7vC8/+YTgvNjKFW8JAAC+ORz/a2ul+xvL993Ox5XNzUqtu+0Y37N/bHy3vuUYt911fHu71t5yTMf3up7tNU3H16JbdwIT7HQ6nt81Dc83HS9wd6Mnv5vk0e+B06q1u64ddJpOLXCM7bW7Nbtr6m5gm87Oj5pusO340cxBx7HdhmvXuq7XNoG3LNspGRM4zkigW3faXbfhhsW26fhuq+bvmZ94zZ2WY+pOYPtup+vFC0zbctsNz29Fiy2pf9qDDgEA+MZ48ero6aNeb//5KYVjxYX0+2hJ1VcZwQtZC3zDqwgAAE6glwYAAAAAAAAAAAAAAAAAAAAA4O03y/1/pxbSmwLTKfPKCJYGU35+baYlWxpO+fKv58rwDIXCySnJSLv96bN/FReKWTHLYWFBUi/d/KMxx1MTm8uYK6+wOtOaKi4UL34bLktZR8KlFX5wMH4cTsSElZlVi4OtWjz/P4eswrMvc6qmH1GL49tw4bQVHC8UJT1fOMcuuNrzEICr958AAAD//7gMOck=")
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r6}, 0x10)
getdents(r4, &(0x7f0000001fc0)=""/184, 0xb8)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'lo\x00', <r7=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000005b80)={@loopback, 0x33, r7})

590.468801ms ago: executing program 2 (id=305):
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
r0 = syz_io_uring_setup(0x8d2, &(0x7f0000000580)={0x0, 0x0, 0x3010, 0x1, 0x377}, &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000240)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x47ba, 0x3e80, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x5, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x5}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
unshare(0x22020600)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x18)
r5 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="5c00000026006bab9a3fe3d86e17aa31106b876c1d0000007ea60864160af36504001a0038001d004231a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb5b64f69853362ac3407173ec", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
recvmsg$kcm(r5, &(0x7f0000000940)={0x0, 0x0, 0x0}, 0x40000100)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000004c0)={[{@delalloc}, {@data_err_abort}, {@orlov}, {@dioread_lock}, {@bh}, {@nodiscard}, {@data_err_ignore}, {@grpquota}, {@abort}, {@user_xattr}, {@bh}, {@errors_remount}]}, 0x1, 0x569, &(0x7f0000000c80)="$eJzs3c9rHFUcAPDvbH70pzaFUqyIBHqwUrtpEn9U8FCPosWCgse6JNNQsumW7KY0sWB7sBcvUgQRC+Jd73or/gP+FQUtFilBD14is5lt02Q32SabbOp+PjDhvZ2ZvPnuzPftezu7bAA9azj7U4g4FhFfJRGHIiLJ1/VHvnJ4ebvFh9cnsiWJpaWP/krq22X1xv9q7Hcgr7wQEb9+EXGyEDGwqt3q/MJ0qVxOZ/P6SG3mykh1fuHUpZnSVDqVXh4bHz/zxvjY22+92bFYXz3/z7cf3n3vzJfHF7/56f7h20mcjYP5upVxbMGNlZXhGM6fk4E4u2rD0Q40tpsk3T4ANqUvz/MsP4/FoejLsx74//s8IpaAHpXIf+hRjXFAY27foXnwM+PBu8sToLXx9y+/NxJ763Oj/YvJEzOjbL471IH2szZ+/uPO7WyJzr0PAbChGzcj4nR//9r+L8n7v8073cY2q9vQ/8HOuZuNf15rNv4pPBr/RJPxz4EmubsZG+d/4X4HmmkpG/+903T8W2hsMtSX156rj/kGkouXymnWtz0fESdiYE9WX+9+zpnFe0ut1q0c/2VL1n5jLJgfx/3+PU/uM1mqlbYS80oPbka82HT8mzw6/0mT8589H+fbbONoeuflVus2jn97Lf0Q8UrT8//4jlay/v3Jkfr1MNK4Ktb6+9bR31q13+34s/O/f/34h5KV92urT9/G93v/TVuteyL+aP/6H0w+rpcH88eulWq12dGIweSDtY+PPd63UW9sn8V/4vj6/V+z639fRHzaZvy3jvz4Ulvxd+n8Tz7V+X/6wr33P/uuVfvt9X+v10sn8kfa6f/aPcCtPHcAAAAAAACw2xQi4mAkheKjcqFQLC5/vuNI7C+UK9XayYuVucuTUf+u7FAMFBp3ug+t+DzEaP552EZ9bFV9PCIOR8TXffvq9eJEpTzZ7eABAAAAAAAAAAAAAAAAAABglzjQ4vv/md/7un10wLbzk9/QuzbM/0780hOwK3n9h171ifyHHtZO/v+yA8cB7Dyv/9C75D/0LvkPvavd/P9zm48D2Hle/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCjzp87ly1Liw+vT2T1yavzc9OVq6cm0+p0cWZuojhRmb1SnKpUpsppcaIys9H/K1cqV0bHYu7aSC2t1kaq8wsXZipzl2sXLs2UptIL6cCORAUAAAAAAAAAAAAAAAAAAADPlur8wnSpXE5nFRQ2Vejf2u6DEbELolBYXeh2zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj/0XAAD//91pOAY=")
r6 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r6, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x1200, 0x30, 0x3)

589.920091ms ago: executing program 3 (id=306):
r0 = syz_open_dev$ttys(0xc, 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x12) (async)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x10001, 0x0, 0x1, 0xff1, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x2, 0x0, @void, @value, @void, @value}, 0x50) (async)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f00000000c0), &(0x7f0000000100)}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{0x1, <r3=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f00000001c0)}, 0x20)
r4 = fsmount(0xffffffffffffffff, 0x0, 0x8a) (async)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000005c0)=@generic={&(0x7f0000000580)='./file0\x00'}, 0x18)
r6 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000600)={0xffffffffffffffff, 0x90, 0x10}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0xa, 0x34, &(0x7f0000000240)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xd642}, @exit, @btf_id={0x18, 0x9, 0x3, 0x0, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3ffc}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @func={0x85, 0x0, 0x1, 0x0, 0x1}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000400)='GPL\x00', 0x5, 0xfa, &(0x7f0000000440)=""/250, 0x41000, 0x58, '\x00', 0x0, @fallback=0x18, r4, 0x8, &(0x7f0000000540)={0x0, 0x5}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x5, &(0x7f0000000640)=[r5, 0xffffffffffffffff, 0x1, r6], &(0x7f0000000680)=[{0x2, 0x2, 0x1, 0xb}, {0x5, 0x3, 0x4, 0x7}, {0x1, 0x5, 0xb, 0x5}, {0x4, 0x1, 0xb, 0x11228272e905f7ae}, {0x4, 0x3, 0x0, 0x5}], 0x10, 0x12, @void, @value}, 0x94)
r7 = openat$vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x64400, 0x0)
ioctl$KDDISABIO(r7, 0x4b37) (async)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000940)={r4, &(0x7f0000000800)="4a9f725240d7daf63919b8709f518e39b97504f6d0932bafa65238abcff43fcd288cff1aac3c6fbb2ed69dadc6ede81954b81168a62ef796c52700066075d32af25e7940f6a0f94a1fef664b4b8956948d6833a3ea09678638c647333d4614279f685d8c267e6407ecb2841e9f", &(0x7f0000000880)=""/156}, 0x20) (async)
r8 = fsopen(&(0x7f0000000980)='udf\x00', 0x1) (async)
io_setup(0x0, &(0x7f00000009c0)=<r9=>0x0)
io_submit(r9, 0x2, &(0x7f0000000c00)=[&(0x7f0000000b00)={0x0, 0x0, 0x0, 0x8, 0x6, r0, &(0x7f0000000a00)="f1e8c22ffd8f328a3f63adaf9c06dcc62666aca0d856366a3c7a2196ab70cd2a9bc6cc18aa8051a8a0996e622f2b09ba4dbc0f398cca5fd315742733c8ff78e0efdbd68eb5230d36efad3975cbf1c689b47cf8454e24b4efe15264dd5c20aee64f50ecaf5e7888745ee30e87ae08b7a3ab45ca343f7deb15d9ab2e44dd198371392fd896daa69a73cd64adf70485400a47864f563f76742ae374cab577eeeac48775e1baf9677f4a13049f194144b267c7f79928541ab771d26a0fe1a736eca03e827d4886a3b63566242b0f", 0xcc, 0x200, 0x0, 0x2}, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x5, 0x65d, r6, &(0x7f0000000b40)="509c84b57f2aa301c331a5618068265809d0a839f8dc5c132a5f4f3f8c27e9350ba8f87aed445c25f675cfe984beebc34f34f3bdeb45175c7a2d2a91bd09111aba1f6169ef935890b12779", 0x4b, 0x1, 0x0, 0x5, r7}])
setsockopt$MRT_ADD_MFC(r7, 0x0, 0xcc, &(0x7f0000000c40)={@broadcast, @multicast2, 0x0, "bd48aa219a3681c420ed41654782b1596e432457c8e9b6f34ae4e307dc82866d", 0xfffffff7, 0x0, 0x0, 0x800}, 0x3c) (async)
ioctl$TIOCSBRK(r7, 0x5427) (async)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
fsconfig$FSCONFIG_SET_FLAG(r8, 0x0, &(0x7f0000000c80)='lazytime\x00', 0x0, 0x0) (async)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000cc0)) (async)
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r7, 0x89f0, &(0x7f0000000d80)={'ip6tnl0\x00', &(0x7f0000000d00)={'syztnl1\x00', <r10=>0x0, 0x29, 0x6, 0x36, 0x1, 0x1, @mcast2, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x11}}, 0x10, 0x1, 0x80000001, 0x44f4}})
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000e80)={'sit0\x00', &(0x7f0000000dc0)={'sit0\x00', r10, 0x1, 0x8000, 0x7, 0x9, {{0x19, 0x4, 0x3, 0x1b, 0x64, 0x67, 0x0, 0x6, 0x4, 0x0, @multicast1, @multicast2, {[@generic={0x0, 0xf, "5b04be406dc602f7dea9700e8f"}, @timestamp_addr={0x44, 0x3c, 0x9d, 0x1, 0x8, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x1}, {@empty, 0x6}, {@rand_addr=0x64010101, 0x2}, {@private=0xa010100, 0x8}, {@rand_addr=0x64010102}, {@dev={0xac, 0x14, 0x14, 0x1b}, 0x1000}, {@broadcast}]}, @ra={0x94, 0x4}, @end]}}}}}) (async)
ioctl$TIOCMSET(r6, 0x5418, &(0x7f0000000ec0)=0x3)
ioctl$TIOCSRS485(r7, 0x542f, &(0x7f0000000f00)={0x6, 0xb45, 0x520}) (async)
r11 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCGSID(r11, 0x5429, &(0x7f0000000f40)) (async)
ioctl$RTC_PLL_GET(r7, 0x80207011, &(0x7f0000000f80))
ioctl$USBDEVFS_IOCTL(r4, 0xc0105512, &(0x7f0000001080)=@usbdevfs_driver={0x4, 0x4b, &(0x7f0000000fc0)="40833655baed1ca7c344237dc33fc0b00913577d642c8b7dfc46b7414c78960a5c42f11a63f17b449f703eb428a32438eec4f42b352636854b0c1f651ba6a8f778a71e3a97ea9653c3e44d5a19d9eb366881d7b77b873324d022961fb3eaef3437a3c14bfdcf1c69157c7a3494c4968d7799518b6d4e133efcec0e6f918be22438d87e01a349a2a00b049a340d79336776a9ac03b923bdc5534ba2909c77688937aea03298072b88a4a276de"}) (async)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000012c0)=@bpf_lsm={0x1d, 0x8, &(0x7f00000010c0)=@raw=[@generic={0x5, 0x2, 0x9, 0x3, 0x6c447220}, @func={0x85, 0x0, 0x1, 0x0, 0x7}, @jmp={0x5, 0x1, 0x1, 0x0, 0x6, 0x2}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x5}, @exit, @ldst={0x2, 0x0, 0x3, 0x4, 0x7, 0x30, 0xfffffffffffffff0}, @initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}], &(0x7f0000001100)='syzkaller\x00', 0x40, 0x78, &(0x7f0000001140)=""/120, 0x40f00, 0x10, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f00000011c0)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000001200)={0x5, 0xb, 0x9de, 0x1}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000001240)=[r5, r1], &(0x7f0000001280)=[{0x1, 0x1, 0xa, 0x4}, {0x3, 0x5, 0x2, 0x4}, {0x0, 0x1, 0x8}], 0x10, 0x4, @void, @value}, 0x94) (async)
bind$netlink(0xffffffffffffffff, &(0x7f0000001380)={0x10, 0x0, 0x25dfdbfc, 0x20000000}, 0xc)

588.000531ms ago: executing program 3 (id=307):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001fc0)=ANY=[], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
syz_read_part_table(0x104c, &(0x7f0000001080)="$eJzsz7sNwkAQBNAxP5sqaIWQBiwyiqIIAiqgKkTsZJHBckaIENJ7wWnmtBts+K1FhuraqVzG55Bk+6p1r8q6GePmw3q1/ZxPxyyn30q6fXbJKjknQ81DXXJ7vGOT/vqVmwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgzzwDAAD//1ivELA=")
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x5, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
mremap(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00', <r3=>0x0})
setrlimit(0xb, &(0x7f0000000180)={0x4, 0x9})
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r2)
sendmsg$BATADV_CMD_GET_DAT_CACHE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x1c, r4, 0x83625fc5352ba305, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}}, 0x0)
r5 = pidfd_getfd(0xffffffffffffffff, r1, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x7cb7, '\x00', r3, r5, 0x4, 0x3, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x49, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r8}, 0x10)
setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r6, &(0x7f0000000e80)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)="18e4eab9ef549899b1bef0136625bc71f09e786492f1f1e9173d14f33976fad784feaa4928516a487649c4a0d481ce5660c8dd312dfac47f35c02e68fb324953ef43e907efe64d5da1e827a8fd042344462251e27a1ec5ba653aab6aef495af7c1283049a809671792914196574b8d993fcc820cab9d8fb6fc3259ece095ed9b44cf83d95cab288fd029b9d9dee2641f04dc71a8bce8f849a56cd36a8e563bca9eea5c8b322db18a74cbf66e546d77ea815133b67c3ad5c68404d7c965613563405b38b01349516b4fa7f018ffd26ea0b9f1392285f0ca5e78d8ac344516b421cc666235f1e984dbdd30a93e8d90c6a95cd4c686c4", 0xf5}, {&(0x7f00000006c0)="fdb3d19a24df8478245a3a5815a23d7ef3080b56666e41a00153b893fce5c695cd64725387c036a18477c8f3ff7588968e35bf8972d01c243cb77a08f4a3c53fcb2e73f88567870030b7be85d232b7daddf798b239cd43c13696f895364fc228954103f1a5663b5bf98e774df3838895ea13cd3753552be04b5bcb0ccaffa9c3ef64fc947448c1cb1d6718781181b76993c9e6696acd5f393546b6fc34fcbdf91ac4ae2745b6ef7b07c5c8a29aef1f0a3f44a138ebe8bf25cc84500d0c0366341166142203ebc0f6ff3de47e", 0xcc}, {&(0x7f0000000380)="839d85cac142afb79cb8af235303731c0c943c7e7c726935143a8ce62fac0e82082e2df8fad83886c51f7ea731d8e410c84f78f7866e72616d96d72d8749105a5a0df872d28bbd6db32f00608396104d36f22107cdbc76a48be0729c4667cddaae53c7ded8b63b765c36fb793d48592d651b43ce80db0d6b5eb15aa893403e70fa35a836cd0eeb93bd89073d23", 0x8d}, {&(0x7f00000007c0)="f9030742b64d3dc35ba5204fe7eacfe874e785546a1661d72bfa72f20a3fe56da0d2ff0606ad4d2dafdef6a5f45d3547200db404d015429f2293fa984672d600ed29c132e29bb4204e7c1e4ea5e2815a5fe1416dab2c68fa369e58a743c160aa8444ebae918245df814dfccdf917741bf9c553fd6b6d918400c381498f1c2a0389b5f671ab572f4afc6c3c897fff2c02ec364e155d5ed68939f1ac34a318a557277501988650130225b07c09d95f896e", 0xb0}], 0x4, &(0x7f0000000880)=[{0x30, 0x1, 0xf, "d7de5fe4c1d834c020ae0f67b074cce77c9ddde23a07a02b175e7d1a942137"}, {0x70, 0x111, 0x8, "42c298316b26cd350a96c5815b11a2b6c83278e16c89b20a6dad07425aac9264b717c45f52c6ed2da3020e5da9258fddc4af5eb44bcdb164b6d85ad8db2a4d025ca3c265f280c87bfcd5928979d6c9716a6658fe99972375134e81ac"}], 0xa0}}, {{&(0x7f00000005c0)=@ieee802154={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0102}}}, 0x80, &(0x7f0000000b40), 0x0, &(0x7f0000000b80)=[{0x98, 0x10a, 0x8, "fa0f31fe1e0762e687e1b05b18054ae85e9be0f8cb432a93bebd2aca6bda40d62a54ce172f09c24954c36cfc27f90e8f38c755fb69ed14dddfb10101ff117c45382898d9cb6ddb4d44fae6b879db21f974e36cd28988267b80b8c45cc00024063d0b5a9ba57c76f1e275cbb2fedffb4dd984739236693c1d47cd25c243d19e518637"}, {0x90, 0x88, 0xb25, "9777453781ccaaa0aefb30c05a1e17ef99c17ec45d201ba58944542fc66ceccb9bf8232a421c6b9b96e2efa67fcbf02dda06f0ea5a5215bdc1e9c5bceb9231a10b87024a068f41c45924d35406a51d8f6aef796da0d310f361c1031c44bb5bc804d85d1c7bd7c64338e78f2cf3c9b14eb59c512bec4ea62e7605"}, {0x100, 0x102, 0xfffffeff, "9a99961e4dc8959c735a212d44e182e120ef513ea9d2325512f4b28775715f59ff12ebc82796a32b80fbec112687b71cd5fed0f08b5d60ac8252848a12fb230d9d95889f7b65b34d379729f0a4d69d93d75d11053c52a8b1ce96168aacba9bd0fa5bfefadbeb8cccf714936d3cebda2ccc50416692309e5df2696c456e351e4898d2af7011a81ddde81b40b09d53807af54edc926f646d829e32c1e443d44a60f3ada6ef10b415276197f6c5fa41b94d85c5b995d5cdf88d999f1422691eb7f1689bda7a3ab13bdca58b9f4669022675c1f944ec68f21e756ca4c7f49bf0ae39de344207c37ed7b90f1c55c9fa"}, {0x80, 0x10c, 0x2, "c542e7ba81efbcb46ae604920b67a59e790ddb91c473b5e85c1cd8558aa169705265c1eba8f8bcdc236b19aed41193e707d1cea95164dfa3c4adf9eb4333fc6ca15e52e3b6260e3971fcc0d4fb507a171e2e7d62b688310386f4247738fa946afe35963209e86f19c727961a3bcfa72c"}, {0x30, 0x115, 0x3, "6bf603e49b5b2fdce969a5d8ee09ac02436892421aa22a91041f3aa3fa96"}], 0x2d8}}], 0x2, 0x0)

474.219963ms ago: executing program 2 (id=308):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="900000000b0601040000000000000000050000082c0001"], 0x90}, 0x1, 0x0, 0x0, 0x20000000}, 0x10800)
mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000340)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r2}, 0x10)
sendto$inet6(r1, &(0x7f0000001600)="a4a3a975408411aaad6856a7d45edb1e771dd3f9cfc032b8f5cee912573cd9a5d0979996cc90fc7a53e80eed4858df9d53201419a0dad0bf21d92b85d4d1a5bcc3ad9fd5db1dfcbd6b9ca14a6735ab903204365abad93186c18b5f6aa28a1bba7112e17d15e8868286c4c425f92224604f45ca877495aebaa80d1c342e089e1829b91f75cf63a72c51f2de300d9fc0a3d5ecd3f6327958d37f934dfce0a6e654a6c86592d5f8e4cdd6ff64e79a08340101022077e6812e352d96d6c39e264d", 0xbf, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0f00000004000000040000001200000000000000", @ANYRES32, @ANYBLOB="00000000010000007f4e980d0000000000000000", @ANYRESDEC, @ANYRES32], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001740)={0x0, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
socket$key(0xf, 0x3, 0x2)
r3 = syz_clone3(&(0x7f0000000840)={0x679313c06fe77916, &(0x7f0000000240), &(0x7f0000000280)=<r4=>0x0, &(0x7f0000000300), {0x7}, &(0x7f00000004c0)=""/113, 0x71, &(0x7f0000000700)=""/68, &(0x7f0000000780)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x5}, 0x58)
syz_clone3(&(0x7f0000000680)={0x2080, &(0x7f0000000380), &(0x7f00000003c0), &(0x7f0000000200), {0x34}, &(0x7f0000000540)=""/132, 0x84, &(0x7f00000014c0)=""/69, &(0x7f00000008c0)=[r3, r4, r3], 0x3}, 0x58)
r5 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xb4\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00', 0x42, 0x1f0, 0x0)
mq_timedsend(r5, 0x0, 0x0, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x13, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{r6}, &(0x7f00000000c0), &(0x7f0000000140)='%pi6   \x00'}, 0x20)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x94)
r7 = inotify_init1(0x0)
inotify_add_watch(r7, &(0x7f0000000400)='.\x00', 0xa4000021)
close(r7)

368.028535ms ago: executing program 3 (id=309):
prlimit64(0x0, 0x6, 0x0, 0x0)
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6, 0x10020, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3ff, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x240}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffdfc, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r1}, &(0x7f0000000180), &(0x7f0000000580)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x500, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x2, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
r6 = socket$caif_stream(0x25, 0x1, 0x0)
sendmmsg$inet(r6, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000940)=[{&(0x7f0000000000)="ce", 0x1}], 0x1}}], 0x2, 0x810)
lgetxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='com.apple.system.Security\x00', &(0x7f0000000200)=""/15, 0xf)
r7 = socket(0x10, 0x803, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES16], 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r9}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
wait4(0x0, 0x0, 0x80000000, 0xfffffffffffffffc)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2b, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0x7}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000c80)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd26, 0x2, {0x0, 0x0, 0x0, r10, {0x0, 0x6}, {}, {0xfff3, 0xa}}, [@filter_kind_options=@f_basic={{0xa}, {0x14, 0x2, [@TCA_BASIC_EMATCHES={0x10, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x1}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x0)

329.461805ms ago: executing program 0 (id=310):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000001c0), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r2, 0x2007ffc)
sendfile(r2, r2, 0x0, 0x800000009) (fail_nth: 17)

325.060965ms ago: executing program 1 (id=311):
getrandom(0x0, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
ptrace$getregset(0x4204, r0, 0x3, &(0x7f00000000c0)={&(0x7f0000000000)=""/176, 0xb0})

264.680576ms ago: executing program 1 (id=312):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000030000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
creat(&(0x7f00000002c0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x80)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

257.922387ms ago: executing program 2 (id=313):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x4, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="8500000008000000710a00ff000000003d00131000000000950000000000000018100000", @ANYRES32, @ANYBLOB="100000000000002505000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0xa, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0xc4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2d)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0xfffffffffffffffd}, 0x18)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
perf_event_open(&(0x7f0000000000)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x480283, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x7606, 0x3ff, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='cpuacct.usage_sys\x00', 0x26e1, 0x0)
ioctl$TUNSETNOCSUM(r2, 0xc0189436, 0x210020000005)
setsockopt$inet_mreqn(r2, 0x0, 0x23, &(0x7f00000000c0)={@remote, @private=0xa010100}, 0xc)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)="711f334b34afd5279c17da770c", 0xd}, 0x1, 0x0, 0x0, 0x805}, 0x240448c4)
sendmsg$NFT_BATCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a31000000002c0003800800014000000000180003801400010076657468315f746f5f626f6e6400000008000240000000006c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a30000000004000038008000140000000002c0003801400010067656e657665300000000000000000001400010076657468315f746f5f626f6e64000000080002"], 0x10c}}, 0x0)

238.270917ms ago: executing program 1 (id=314):
bpf$MAP_CREATE(0x0, &(0x7f0000000780)=ANY=[@ANYRES16], 0x50)
syz_open_dev$tty1(0xc, 0x4, 0x1)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$inet(0x2, 0x3, 0x8)
setsockopt$inet_int(r0, 0x0, 0x5, &(0x7f0000000080)=0x7, 0x4)
r1 = socket$inet(0x2, 0x3, 0x6)
r2 = dup3(r0, r1, 0x0)
setsockopt$inet_int(r2, 0x0, 0x5, &(0x7f0000000080)=0x7, 0x4)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x4000, &(0x7f0000000580)={&(0x7f0000000540)={0x1c, r3, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x33}, @void}}}, 0x1c}}, 0x4000054)
sendmsg$NL80211_CMD_SET_CQM(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x1b8, r3, 0x8, 0x70bd28, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_CQM={0x24, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THOLD={0x8, 0x1, [0x9]}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x7}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0xd}]}, @NL80211_ATTR_CQM={0x44, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x6a58}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0xf}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x22}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x1ff}, @NL80211_ATTR_CQM_TXE_PKTS={0x8, 0x6, 0x9}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x5}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8, 0x3, 0x2bf5}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x3}]}, @NL80211_ATTR_CQM={0x30, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x7}, @NL80211_ATTR_CQM_RSSI_THOLD={0x1c, 0x1, [0x0, 0x10, 0x401, 0x63c7, 0xe, 0x2]}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x7}]}, @NL80211_ATTR_CQM={0x3c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x6}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x9}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0x2}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x103}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x57}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x56}, @NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT={0x8}]}, @NL80211_ATTR_CQM={0x5c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x4f}, @NL80211_ATTR_CQM_RSSI_THOLD={0x1c, 0x1, [0xc, 0x200, 0x2, 0x5, 0x1ff, 0x2]}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x687}, @NL80211_ATTR_CQM_RSSI_THOLD={0x24, 0x1, [0x9, 0xcc1f, 0xf21, 0x7, 0x500, 0x4, 0xd, 0xffffffff]}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x4e}]}, @NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x2d5}, @NL80211_ATTR_CQM_RSSI_LEVEL={0x8, 0x9, 0xb15}]}, @NL80211_ATTR_CQM={0x4c, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x7}, @NL80211_ATTR_CQM_TXE_INTVL={0x8, 0x7, 0x1b8}, @NL80211_ATTR_CQM_RSSI_THOLD={0x18, 0x1, [0xba4, 0x3, 0x1, 0x4, 0x54]}, @NL80211_ATTR_CQM_RSSI_THOLD={0x18, 0x1, [0x9fa, 0x8, 0x0, 0xc, 0x9]}, @NL80211_ATTR_CQM_RSSI_HYST={0x8, 0x2, 0x1}]}, @NL80211_ATTR_CQM={0x14, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x4c}, @NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x7}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="380000006d00673c25bd7000ffdbdf2500002789", @ANYRES32=0x0, @ANYBLOB="0110040004e80200040034801400030076657468315f746f5f626f6e64000000"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r5, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', <r6=>0x0})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0500000004000000990000000b"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r10}, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r7, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001940)=ANY=[@ANYBLOB="20000006", @ANYRES16=r8, @ANYBLOB="01dfffffff9a26000000210000000c00018008000100", @ANYRES32=r6], 0x20}, 0x1, 0x0, 0x0, 0x4000c00}, 0x0)

150.499968ms ago: executing program 2 (id=315):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000180), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
munlock(&(0x7f0000f33000/0x2000)=nil, 0x2000)
fallocate(r0, 0x0, 0x80000000000000, 0x8000c62)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x65, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
socket$inet_tcp(0x2, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000540), 0x84)
perf_event_open(&(0x7f00000004c0)={0x8, 0x80, 0x0, 0xf, 0x0, 0x0, 0x82, 0x8001, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000080), 0x9}, 0x18204, 0x0, 0x3, 0x0, 0x0, 0x5338c7af, 0x0, 0x0, 0x1, 0x0, 0x2}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)

143.392408ms ago: executing program 0 (id=316):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRESOCT=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000140)={0xa, 0x4e22}, 0x1c)
listen(r3, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), r4)
sendmsg$IEEE802154_LIST_IFACE(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14, r5, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x2}, 0x4000080)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r6}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x15, 0x2, &(0x7f0000000480)=ANY=[@ANYBLOB="00000000000000000000000000000000630b11dce6d7cdafd89c8c3c92a8c195a3d86759c2c4ea37a227e733a5813ef9d2d650115c12b03d6cebdd09851458da06027081ad27bceff5589732fe6c89960f975e13271dcb26d1b0e545d4970a991b5eecb9b1b90e627a5b9a20933b7be98dbd80811c266c8259"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)

142.855168ms ago: executing program 1 (id=317):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x4f0, 0x340, 0x25, 0x148, 0x0, 0x60, 0x458, 0x2a8, 0x2a8, 0x458, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'geneve0\x00', {0x44, 0x0, 0x9, 0x2000000, 0x0, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x0, 0x6, './file0\x00'}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x6, 'syz0\x00'}}}, {{@ip={@broadcast, @multicast1, 0x0, 0x0, 'veth1_to_bond\x00', 'veth0\x00', {0xff}}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@unspec=@cgroup0={{0x28}, {0x4}}, @common=@unspec=@statistic={{0x38}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8000, 'syz0\x00', {0x481c}}}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x550)

53.75679ms ago: executing program 0 (id=318):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', r2, 0x0, 0x7}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000220000a3c000000120a09080000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x0)

30.91145ms ago: executing program 3 (id=319):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="1b000000000000"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r2, &(0x7f00000000c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

24.36059ms ago: executing program 0 (id=320):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1, 0x0, 0x6}, 0x18)
r2 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xffffffffffffffff)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x18)
r5 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
r6 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r6, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000000)={<r7=>0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}]}, &(0x7f0000000180)=0x10)
r8 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r8, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={<r9=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f00000001c0)={r9, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x90}, 0x9c)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r6, 0x84, 0x85, &(0x7f0000000000)={r7, @in={{0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}}, 0x1, 0xfffe}, 0x90)
r10 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000400)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r2, r5, r10, 0x0)
r11 = socket$inet6(0xa, 0x1, 0x0)
r12 = open(&(0x7f0000000080)='./file0\x00', 0x2080, 0x80)
r13 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000240)={&(0x7f00000007c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x44, 0x44, 0x3, [@restrict={0xd, 0x0, 0x0, 0xb, 0x5}, @const={0xe}, @restrict={0x2, 0x0, 0x0, 0xb, 0x5}, @int={0x5, 0x0, 0x0, 0x1, 0x0, 0x65, 0x0, 0x27, 0x4}, @int={0x5, 0x0, 0x0, 0x1, 0x0, 0x62, 0x0, 0x5a, 0x1}]}, {0x0, [0x61]}}, &(0x7f0000000840)=""/251, 0x5f, 0xfb, 0x0, 0xfffffffd, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000940)={0x3, 0x4, 0x4, 0xa, 0x0, r12, 0x200, '\x00', 0x0, r13, 0x5, 0x1, 0x3, 0x0, @void, @value, @void, @value}, 0x50)
setsockopt$IP6T_SO_SET_REPLACE(r11, 0x29, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x3c1, 0x3, 0x308, 0x130, 0x12, 0x60a, 0x600, 0x202, 0x238, 0x2e8, 0x2e8, 0x238, 0x2c0, 0x4, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @dev}, @mcast2, [0x4000000], [0x4000000], 'veth1_to_bond\x00', 'xfrm0\x00'}, 0x0, 0x108, 0x130, 0x0, {}, [@common=@unspec=@statistic={{0x38}}, @common=@inet=@socket2={{0x28}}]}, @common=@inet=@SET1={0x28, 'SET\x00', 0x1, {{0xffffffffffffffff}, {0xffffffffffffffff, 0xf9}}}}, {{@ipv6={@private2, @loopback, [], [], 'vxcan1\x00', 'geneve0\x00'}, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@empty}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x368)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000480)='kfree\x00', 0xffffffffffffffff, 0x0, 0x7}, 0x18)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000d80)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000220000a3c000000120a09080000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a"], 0x64}, 0x1, 0x0, 0x0, 0x5}, 0x0)

11.39504ms ago: executing program 3 (id=321):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000040)={'batadv0\x00', <r2=>0x0})
io_setup(0x7f, &(0x7f0000000100)=<r3=>0x0)
io_submit(r3, 0x1, &(0x7f0000000680)=[0x0])
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=@setlink={0x3c, 0x13, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, r2}, @IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}]}, 0x3c}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_PAUSE_GET(r4, 0x0, 0x0)
perf_event_open(&(0x7f00000000c0)={0x1, 0x80, 0x65, 0xfc, 0x3, 0x0, 0x0, 0x7, 0x89000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc46, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x8, 0x7ffffefc, 0x3, 0x1, 0x0, 0x0, 0x0, 0x5, 0x0, 0x1}, 0x0, 0x6, 0xffffffffffffffff, 0x9)
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r5 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r5, 0x0, 0x2}, 0x18)
r6 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r6, 0x8922, &(0x7f0000000080)={'dummy0\x00'})
r7 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/icmp\x00')
preadv(r7, &(0x7f0000000700)=[{&(0x7f0000000640)=""/165, 0xa5}], 0x1, 0x180, 0x9)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)

0s ago: executing program 2 (id=322):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000f0000000000000c00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000200b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000880)=ANY=[@ANYRES8, @ANYRES32, @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = bpf$MAP_CREATE(0x1900000000000000, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000082"], 0x0, 0x4, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
unshare(0x8000000)
semget$private(0x0, 0x4000, 0x555)
r4 = syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x10, &(0x7f0000000040)={[{@usrjquota}]}, 0x1, 0x3e7, &(0x7f0000000480)="$eJzs3E1vG0UfAPD/bl7apn1qV3oOvFwsQCISImnSFqgEEhEXDu2JHjhixWmJ6jSoMRKtIl4E4gYSiA8AB+AjcIQD3wHOwAEqRSgHUm5Ga+86Jn5pQx0skt9PGnlmZ+OZ9WTWu+PZCeDIqkTEixExERFnI6KUb0/zEO+2Q7bfzvbm8p/bm8tJNJuv/J5Ekm8r3ivJX0/mbzCbRqQfJPFon3I3bt2+Xq3XV27m6fnG2hvzG7duP726Vr22cm3lxuIz585fuPDcxcVnR3asW2vJR098demXTz6sffrDb9+Ws/qeyvO6j2NUKlHpfCZ7XRx1YWN2vCueTI6xIgAADJXm1/6Trev/UkzE7sVbKT7+fqyVAwAAAEai2SxeAQAAgMMrce8PAAAAh1wxD2Bne3O5CGOcjsC/bGspIsrt9r+bh3bOZOeZ3qk9z/eOUiUiXj5+eTELcUDPYQMAAAAcZd8ttRf+6x3/S+Ohrv1ORMRMsbbfCFX2pHvHf9I7Iy6SLltLEc9HxN2e8b+02KU8kaf+1xoqnEqurtZXzkbE6YiYjaljWXphSBlvP3b960F53eN/n//86kJWfva6u0d6Z/LY3/+mVm1UH+SY2bX1XsQjk/3aP+mM+Xavk/lPvLa688KgvKz9s/YuQm/7c5CaX0Q82bf/765cmgxfn3W+dT6YL84KvX469eX7g8rv7v9ZyMovfgvg4GX9f2Z4+7fWye2s17ux/zK++ePyj4Py7t3+/c//08mVVgWn821vVRuNmwsR08ml3u3+mzqKz6P4vLL2n328//d/cf2X5N/9p7vWh+4x5AfCl945c2VQnv4/Xln71/bV//cfeX3m4dlB5d9f/z/fqkzxJq7/7u1+G2jc9QQAAAAAAABgNNLW3L4knevE03Rurj3P9/8xk9bXNxpPXV1/80atPQewHFNpMdOr1DUfdKH9GHknvbgnfS4izkTEZ6UTrfTc8nq9Nu6DBwAAgCPi5ID7/8yvAx/2AAAAAP5zyuOuAAAAAHDg3P8DAADAofYg6/qLiIgc1si4z0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAR9tfAQAA///8h8MD")
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000340), 0xc01, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00', <r5=>0x0}, 0x6a)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYRES64=r4, @ANYRESHEX=r5], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000f00)='kfree\x00', r6}, 0x18)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r8, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r8, &(0x7f0000847fff)='X', 0x34000, 0xcc03, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_CONTEXT(r8, 0x84, 0x11, &(0x7f0000000140)={0x0, 0x7000}, 0x8)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000005900)=ANY=[@ANYBLOB="1c000000150a0102"], 0x1c}}, 0x0)
socket$inet(0x2, 0x1, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000002700)=ANY=[], 0x1015, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000440)=@known='trusted.overlay.upper\x00', 0x0, 0x4000)

kernel console output (not intermixed with test programs):

[   T29] audit: type=1400 audit(1750067015.912:63): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   22.150182][   T29] audit: type=1400 audit(1750067015.932:64): avc:  denied  { unmount } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   22.370731][ T3295] cgroup: Unknown subsys name 'cpuset'
[   22.376697][ T3295] cgroup: Unknown subsys name 'rlimit'
[   22.565114][   T29] audit: type=1400 audit(1750067016.372:65): avc:  denied  { setattr } for  pid=3295 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   22.590155][   T29] audit: type=1400 audit(1750067016.372:66): avc:  denied  { create } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   22.610667][   T29] audit: type=1400 audit(1750067016.372:67): avc:  denied  { write } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   22.627994][ T3298] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   22.631947][   T29] audit: type=1400 audit(1750067016.372:68): avc:  denied  { read } for  pid=3295 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   22.660950][   T29] audit: type=1400 audit(1750067016.382:69): avc:  denied  { mounton } for  pid=3295 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
[   22.682296][ T3295] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   22.685760][   T29] audit: type=1400 audit(1750067016.382:70): avc:  denied  { mount } for  pid=3295 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   22.685792][   T29] audit: type=1400 audit(1750067016.452:71): avc:  denied  { relabelto } for  pid=3298 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   23.984183][ T3306] chnl_net:caif_netlink_parms(): no params data found
[   24.020245][ T3305] chnl_net:caif_netlink_parms(): no params data found
[   24.055515][ T3308] chnl_net:caif_netlink_parms(): no params data found
[   24.063845][ T3312] chnl_net:caif_netlink_parms(): no params data found
[   24.072257][ T3306] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.079399][ T3306] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.086512][ T3306] bridge_slave_0: entered allmulticast mode
[   24.092958][ T3306] bridge_slave_0: entered promiscuous mode
[   24.117348][ T3306] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.124491][ T3306] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.131693][ T3306] bridge_slave_1: entered allmulticast mode
[   24.138006][ T3306] bridge_slave_1: entered promiscuous mode
[   24.176018][ T3310] chnl_net:caif_netlink_parms(): no params data found
[   24.194526][ T3305] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.201724][ T3305] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.208877][ T3305] bridge_slave_0: entered allmulticast mode
[   24.215397][ T3305] bridge_slave_0: entered promiscuous mode
[   24.223741][ T3305] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.230838][ T3305] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.238006][ T3305] bridge_slave_1: entered allmulticast mode
[   24.244360][ T3305] bridge_slave_1: entered promiscuous mode
[   24.251826][ T3306] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   24.282332][ T3306] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   24.306384][ T3305] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   24.326808][ T3306] team0: Port device team_slave_0 added
[   24.337338][ T3305] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   24.346511][ T3312] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.353660][ T3312] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.360870][ T3312] bridge_slave_0: entered allmulticast mode
[   24.367254][ T3312] bridge_slave_0: entered promiscuous mode
[   24.376467][ T3306] team0: Port device team_slave_1 added
[   24.382322][ T3308] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.389434][ T3308] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.396556][ T3308] bridge_slave_0: entered allmulticast mode
[   24.403037][ T3308] bridge_slave_0: entered promiscuous mode
[   24.413317][ T3312] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.420400][ T3312] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.427487][ T3312] bridge_slave_1: entered allmulticast mode
[   24.434022][ T3312] bridge_slave_1: entered promiscuous mode
[   24.458266][ T3308] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.465450][ T3308] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.472645][ T3308] bridge_slave_1: entered allmulticast mode
[   24.478799][ T3308] bridge_slave_1: entered promiscuous mode
[   24.493403][ T3310] bridge0: port 1(bridge_slave_0) entered blocking state
[   24.500525][ T3310] bridge0: port 1(bridge_slave_0) entered disabled state
[   24.507616][ T3310] bridge_slave_0: entered allmulticast mode
[   24.513964][ T3310] bridge_slave_0: entered promiscuous mode
[   24.520631][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_0
[   24.527579][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.553484][ T3306] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   24.573641][ T3305] team0: Port device team_slave_0 added
[   24.580445][ T3308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   24.593824][ T3310] bridge0: port 2(bridge_slave_1) entered blocking state
[   24.600957][ T3310] bridge0: port 2(bridge_slave_1) entered disabled state
[   24.608079][ T3310] bridge_slave_1: entered allmulticast mode
[   24.614532][ T3310] bridge_slave_1: entered promiscuous mode
[   24.620826][ T3306] batman_adv: batadv0: Adding interface: batadv_slave_1
[   24.627789][ T3306] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.653831][ T3306] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   24.665345][ T3308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   24.677164][ T3305] team0: Port device team_slave_1 added
[   24.687568][ T3312] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   24.710260][ T3312] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   24.724335][ T3310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   24.742919][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_0
[   24.749935][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.775965][ T3305] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   24.792069][ T3310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   24.805647][ T3308] team0: Port device team_slave_0 added
[   24.811677][ T3305] batman_adv: batadv0: Adding interface: batadv_slave_1
[   24.818625][ T3305] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.844642][ T3305] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   24.868011][ T3306] hsr_slave_0: entered promiscuous mode
[   24.874197][ T3306] hsr_slave_1: entered promiscuous mode
[   24.880631][ T3308] team0: Port device team_slave_1 added
[   24.897400][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_0
[   24.904397][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.930449][ T3308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   24.942128][ T3312] team0: Port device team_slave_0 added
[   24.953905][ T3310] team0: Port device team_slave_0 added
[   24.964039][ T3308] batman_adv: batadv0: Adding interface: batadv_slave_1
[   24.971004][ T3308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   24.997002][ T3308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   25.013744][ T3312] team0: Port device team_slave_1 added
[   25.020079][ T3310] team0: Port device team_slave_1 added
[   25.043187][ T3305] hsr_slave_0: entered promiscuous mode
[   25.049173][ T3305] hsr_slave_1: entered promiscuous mode
[   25.055034][ T3305] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   25.062609][ T3305] Cannot create hsr debugfs directory
[   25.098534][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_0
[   25.105683][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.131719][ T3312] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   25.142808][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_0
[   25.149767][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.175811][ T3310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   25.188890][ T3310] batman_adv: batadv0: Adding interface: batadv_slave_1
[   25.195876][ T3310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.221914][ T3310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   25.241024][ T3312] batman_adv: batadv0: Adding interface: batadv_slave_1
[   25.247975][ T3312] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   25.274087][ T3312] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   25.296764][ T3308] hsr_slave_0: entered promiscuous mode
[   25.302735][ T3308] hsr_slave_1: entered promiscuous mode
[   25.308609][ T3308] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   25.316201][ T3308] Cannot create hsr debugfs directory
[   25.377583][ T3310] hsr_slave_0: entered promiscuous mode
[   25.383534][ T3310] hsr_slave_1: entered promiscuous mode
[   25.389545][ T3310] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   25.397182][ T3310] Cannot create hsr debugfs directory
[   25.406876][ T3312] hsr_slave_0: entered promiscuous mode
[   25.412891][ T3312] hsr_slave_1: entered promiscuous mode
[   25.418746][ T3312] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   25.426413][ T3312] Cannot create hsr debugfs directory
[   25.527272][ T3306] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   25.536161][ T3306] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   25.546302][ T3306] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   25.556238][ T3306] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   25.597226][ T3305] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   25.607879][ T3305] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   25.620156][ T3305] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   25.628644][ T3305] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   25.657408][ T3308] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   25.673300][ T3308] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   25.682372][ T3308] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   25.706145][ T3308] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   25.717647][ T3310] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   25.726327][ T3310] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   25.737210][ T3306] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.749194][ T3310] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   25.758132][ T3310] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   25.793089][ T3306] 8021q: adding VLAN 0 to HW filter on device team0
[   25.807976][ T3312] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   25.817187][   T41] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.824367][   T41] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.836491][ T3305] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.844988][ T3312] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   25.855639][ T3312] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   25.867805][  T169] bridge0: port 2(bridge_slave_1) entered blocking state
[   25.874894][  T169] bridge0: port 2(bridge_slave_1) entered forwarding state
[   25.884703][ T3312] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   25.907808][ T3305] 8021q: adding VLAN 0 to HW filter on device team0
[   25.926986][ T3306] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   25.937573][ T3306] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   25.967756][ T3310] 8021q: adding VLAN 0 to HW filter on device bond0
[   25.979547][  T169] bridge0: port 1(bridge_slave_0) entered blocking state
[   25.986648][  T169] bridge0: port 1(bridge_slave_0) entered forwarding state
[   25.995156][  T169] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.002340][  T169] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.027420][ T3308] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.048060][ T3310] 8021q: adding VLAN 0 to HW filter on device team0
[   26.057517][ T3308] 8021q: adding VLAN 0 to HW filter on device team0
[   26.065400][ T3305] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   26.075842][ T3305] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   26.093116][   T55] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.100309][   T55] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.121563][   T55] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.128648][   T55] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.138077][   T55] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.145258][   T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.155173][   T55] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.162264][   T55] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.175255][ T3312] 8021q: adding VLAN 0 to HW filter on device bond0
[   26.205302][ T3312] 8021q: adding VLAN 0 to HW filter on device team0
[   26.231342][ T3306] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.251386][ T3308] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   26.266124][   T51] bridge0: port 1(bridge_slave_0) entered blocking state
[   26.273334][   T51] bridge0: port 1(bridge_slave_0) entered forwarding state
[   26.284070][   T51] bridge0: port 2(bridge_slave_1) entered blocking state
[   26.291120][   T51] bridge0: port 2(bridge_slave_1) entered forwarding state
[   26.315436][ T3312] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   26.325842][ T3312] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   26.351797][ T3305] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.385307][ T3310] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.408603][ T3308] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.458861][ T3312] 8021q: adding VLAN 0 to HW filter on device batadv0
[   26.529212][ T3305] veth0_vlan: entered promiscuous mode
[   26.552267][ T3305] veth1_vlan: entered promiscuous mode
[   26.587317][ T3305] veth0_macvtap: entered promiscuous mode
[   26.598057][ T3310] veth0_vlan: entered promiscuous mode
[   26.607454][ T3306] veth0_vlan: entered promiscuous mode
[   26.623241][ T3305] veth1_macvtap: entered promiscuous mode
[   26.631444][ T3310] veth1_vlan: entered promiscuous mode
[   26.638064][ T3306] veth1_vlan: entered promiscuous mode
[   26.661525][ T3308] veth0_vlan: entered promiscuous mode
[   26.668106][ T3312] veth0_vlan: entered promiscuous mode
[   26.676123][ T3312] veth1_vlan: entered promiscuous mode
[   26.687228][ T3308] veth1_vlan: entered promiscuous mode
[   26.694305][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_0
[   26.709903][ T3305] batman_adv: batadv0: Interface activated: batadv_slave_1
[   26.723347][ T3312] veth0_macvtap: entered promiscuous mode
[   26.730055][ T3310] veth0_macvtap: entered promiscuous mode
[   26.741895][ T3310] veth1_macvtap: entered promiscuous mode
[   26.749133][ T3305] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   26.757962][ T3305] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   26.766704][ T3305] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   26.775582][ T3305] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   26.787772][ T3312] veth1_macvtap: entered promiscuous mode
[   26.795458][ T3306] veth0_macvtap: entered promiscuous mode
[   26.802664][ T3306] veth1_macvtap: entered promiscuous mode
[   26.815914][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_0
[   26.834932][ T3312] batman_adv: batadv0: Interface activated: batadv_slave_1
[   26.844270][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_0
[   26.855452][ T3308] veth0_macvtap: entered promiscuous mode
[   26.868245][ T3312] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   26.877034][ T3312] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   26.885912][ T3312] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   26.894615][ T3312] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   26.905302][ T3310] batman_adv: batadv0: Interface activated: batadv_slave_1
[   26.905786][ T3305] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   26.929557][ T3308] veth1_macvtap: entered promiscuous mode
[   26.951988][ T3474] loop1: detected capacity change from 0 to 1024
[   26.958739][ T3474] =======================================================
[   26.958739][ T3474] WARNING: The mand mount option has been deprecated and
[   26.958739][ T3474]          and is ignored by this kernel. Remove the mand
[   26.958739][ T3474]          option from the mount to silence this warning.
[   26.958739][ T3474] =======================================================
[   26.960861][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.001427][ T3310] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.010255][ T3310] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.019015][ T3310] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.027808][ T3310] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.036965][ T3474] EXT4-fs: Ignoring removed nobh option
[   27.057806][ T3474] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   27.076601][ T3306] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.094343][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_0
[   27.107158][ T3306] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.116087][ T3306] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.124873][ T3306] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.126350][   T29] kauditd_printk_skb: 26 callbacks suppressed
[   27.126362][   T29] audit: type=1400 audit(1750067020.932:98): avc:  denied  { allowed } for  pid=3480 comm="syz.2.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   27.133757][ T3306] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.162178][   T29] audit: type=1400 audit(1750067020.972:99): avc:  denied  { ioctl } for  pid=3473 comm="syz.1.2" path="/0/file1/file1" dev="loop1" ino=15 ioctlcmd=0x662a scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   27.215108][ T3308] batman_adv: batadv0: Interface activated: batadv_slave_1
[   27.227537][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   27.231551][ T3308] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   27.245582][ T3308] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   27.254442][ T3308] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   27.263202][ T3308] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   27.264091][   T29] audit: type=1400 audit(1750067020.972:100): avc:  denied  { create } for  pid=3480 comm="syz.2.3" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   27.293008][   T29] audit: type=1400 audit(1750067021.032:101): avc:  denied  { create } for  pid=3483 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   27.312797][   T29] audit: type=1400 audit(1750067021.052:102): avc:  denied  { map_create } for  pid=3483 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   27.331671][   T29] audit: type=1400 audit(1750067021.052:103): avc:  denied  { bpf } for  pid=3483 comm="syz.3.4" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   27.352040][   T29] audit: type=1400 audit(1750067021.052:104): avc:  denied  { map_read map_write } for  pid=3483 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   27.371776][   T29] audit: type=1400 audit(1750067021.052:105): avc:  denied  { prog_load } for  pid=3483 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   27.390534][   T29] audit: type=1400 audit(1750067021.052:106): avc:  denied  { perfmon } for  pid=3483 comm="syz.3.4" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   27.397927][ T3484] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4'.
[   27.411280][   T29] audit: type=1400 audit(1750067021.052:107): avc:  denied  { prog_run } for  pid=3483 comm="syz.3.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   27.513951][ T3495] loop2: detected capacity change from 0 to 1024
[   27.523648][ T3494] netlink: 'syz.4.5': attribute type 1 has an invalid length.
[   27.539240][ T3495] /dev/loop2: Can't open blockdev
[   27.546165][ T3497] Zero length message leads to an empty skb
[   27.555247][ T3499] netlink: 180 bytes leftover after parsing attributes in process `syz.0.1'.
[   27.571179][ T3499] smc: net device bond0 applied user defined pnetid SYZ2
[   27.614967][ T3481] loop2: detected capacity change from 0 to 2048
[   27.654633][ T3481] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   27.707113][ T3513] loop0: detected capacity change from 0 to 1024
[   27.714942][ T3513] EXT4-fs: Ignoring removed nobh option
[   27.719036][ T3515] syz.1.11 uses obsolete (PF_INET,SOCK_PACKET)
[   27.744723][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   27.759820][ T3513] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   27.813035][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   27.864545][ T3525] loop0: detected capacity change from 0 to 512
[   27.874579][ T3525] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   27.887712][ T3525] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   27.890696][ T3527] loop4: detected capacity change from 0 to 1024
[   27.907640][ T3523] netlink: 12 bytes leftover after parsing attributes in process `syz.2.13'.
[   27.932989][ T3527] EXT4-fs: Ignoring removed orlov option
[   27.935256][ T3525] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   27.953181][ T3527] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   27.954262][ T3525] EXT4-fs (loop0): 1 truncate cleaned up
[   27.969338][ T3532] loop2: detected capacity change from 0 to 1024
[   27.969374][ T3525] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   27.990438][ T3527] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   28.015456][ T3532] EXT4-fs: Ignoring removed nobh option
[   28.047692][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   28.058906][ T3532] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   28.103909][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   28.125459][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   28.180000][ T3539] loop4: detected capacity change from 0 to 1024
[   28.191770][    C0] hrtimer: interrupt took 45628 ns
[   28.730903][ T3554] loop2: detected capacity change from 0 to 1024
[   28.744767][ T3561] loop1: detected capacity change from 0 to 512
[   28.773216][ T3554] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   28.798054][ T3561] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   28.849771][ T3561] EXT4-fs (loop1): 1 truncate cleaned up
[   28.862039][ T3554] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   28.885628][ T3561] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   28.944893][ T3554] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 1: comm syz.2.23: lblock 1 mapped to illegal pblock 1 (length 3)
[   29.022475][ T3554] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 3 with error 117
[   29.034964][ T3554] EXT4-fs (loop2): This should not happen!! Data will be lost
[   29.034964][ T3554] 
[   29.139924][ T3554] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 1: comm syz.2.23: lblock 1 mapped to illegal pblock 1 (length 1)
[   29.227339][ T3554] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 117
[   29.239742][ T3554] EXT4-fs (loop2): This should not happen!! Data will be lost
[   29.239742][ T3554] 
[   29.463147][ T3554] syz.2.23 (3554) used greatest stack depth: 10920 bytes left
[   29.541701][   T51] EXT4-fs error (device loop2): ext4_map_blocks:816: inode #15: block 4: comm kworker/u8:3: lblock 4 mapped to illegal pblock 4 (length 5)
[   29.644152][   T51] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 5 with error 117
[   29.656567][   T51] EXT4-fs (loop2): This should not happen!! Data will be lost
[   29.656567][   T51] 
[   29.763327][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   29.815386][ T3571] loop4: detected capacity change from 0 to 1024
[   29.856027][ T3571] EXT4-fs: Ignoring removed nobh option
[   29.885584][ T3573] loop2: detected capacity change from 0 to 1024
[   29.922178][ T3571] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   29.936132][ T3573] EXT4-fs: Ignoring removed orlov option
[   29.970912][ T3573] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   30.102754][ T3561] syz.1.25 (3561) used greatest stack depth: 6952 bytes left
[   30.943002][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   30.973780][ T3573] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.001358][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.019613][ T3580] loop1: detected capacity change from 0 to 128
[   31.038002][ T3573] netlink: 8 bytes leftover after parsing attributes in process `syz.2.26'.
[   31.047343][ T3573] netlink: 24 bytes leftover after parsing attributes in process `syz.2.26'.
[   31.081452][ T3573] netlink: 8 bytes leftover after parsing attributes in process `syz.2.26'.
[   31.090263][ T3573] netlink: 24 bytes leftover after parsing attributes in process `syz.2.26'.
[   31.105766][ T3582] loop4: detected capacity change from 0 to 1024
[   31.112992][ T3582] EXT4-fs: Ignoring removed orlov option
[   31.126372][ T3582] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   31.173844][ T3582] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.222812][ T3582] netlink: 8 bytes leftover after parsing attributes in process `syz.4.29'.
[   31.231581][ T3582] netlink: 24 bytes leftover after parsing attributes in process `syz.4.29'.
[   31.242507][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.284355][ T3580] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   31.316360][ T3588] loop3: detected capacity change from 0 to 1024
[   31.330590][ T3588] EXT4-fs: Ignoring removed orlov option
[   31.336748][ T3582] netlink: 8 bytes leftover after parsing attributes in process `syz.4.29'.
[   31.338407][ T3580] ext4 filesystem being mounted at /4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   31.387093][ T3588] EXT4-fs (loop3): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   31.433631][ T3588] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.493091][ T3305] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   31.493523][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.504068][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.554457][ T3597] loop2: detected capacity change from 0 to 1024
[   31.570799][ T3597] EXT4-fs: Ignoring removed orlov option
[   31.579964][ T3597] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   31.613816][ T3597] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.691425][ T3605] loop1: detected capacity change from 0 to 512
[   31.725915][ T3605] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   31.740419][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.773608][ T3605] EXT4-fs (loop1): 1 truncate cleaned up
[   31.790746][ T3605] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.909013][ T3611] loop2: detected capacity change from 0 to 1024
[   31.920828][ T3611] EXT4-fs: Ignoring removed orlov option
[   31.926563][ T3611] EXT4-fs: Ignoring removed bh option
[   31.932512][ T3611] EXT4-fs: Ignoring removed bh option
[   31.955636][ T3611] EXT4-fs (loop2): mounted filesystem 05000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   31.969305][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   31.996565][ T3615] random: crng reseeded on system resumption
[   32.008757][ T3615] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   32.017793][ T3615] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   32.025402][ T3611] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.36: Allocating blocks 497-513 which overlap fs metadata
[   32.051670][ T3611] EXT4-fs (loop2): Remounting filesystem read-only
[   32.087455][ T3611] EXT4-fs (loop2): pa ffff8881069bd070: logic 0, phys. 257, len 16
[   32.145069][ T3617] netlink: 'syz.0.38': attribute type 1 has an invalid length.
[   32.168655][ T3619] loop0: detected capacity change from 0 to 1024
[   32.179146][ T3619] EXT4-fs: Ignoring removed orlov option
[   32.185709][ T3619] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   32.191996][ T3611] EXT4-fs (loop2): unmounting filesystem 05000000-0000-0000-0000-000000000000.
[   32.216597][ T3619] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.217393][   T29] kauditd_printk_skb: 223 callbacks suppressed
[   32.217407][   T29] audit: type=1400 audit(1750067026.022:331): avc:  denied  { create } for  pid=3620 comm="syz.2.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   32.266208][   T29] audit: type=1400 audit(1750067026.062:332): avc:  denied  { create } for  pid=3620 comm="syz.2.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   32.270355][ T3622] syz.2.40 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[   32.288734][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.306547][   T29] audit: type=1400 audit(1750067026.082:333): avc:  denied  { bind } for  pid=3620 comm="syz.2.40" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   32.328417][   T29] audit: type=1400 audit(1750067026.132:334): avc:  denied  { ioctl } for  pid=3620 comm="syz.2.40" path="socket:[4792]" dev="sockfs" ino=4792 ioctlcmd=0x89e7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   32.362907][ T3629] netlink: 'syz.0.41': attribute type 3 has an invalid length.
[   32.372166][ T3629] loop0: detected capacity change from 0 to 128
[   32.390059][ T3629] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   32.404492][ T3629] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   32.407481][   T29] audit: type=1400 audit(1750067026.132:335): avc:  denied  { ioctl } for  pid=3620 comm="syz.2.40" path="socket:[3941]" dev="sockfs" ino=3941 ioctlcmd=0x8910 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   32.439770][   T29] audit: type=1400 audit(1750067026.142:336): avc:  denied  { search } for  pid=3624 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   32.461944][   T29] audit: type=1400 audit(1750067026.142:337): avc:  denied  { search } for  pid=3624 comm="dhcpcd-run-hook" name="dhcpcd" dev="tmpfs" ino=477 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   32.484788][   T29] audit: type=1400 audit(1750067026.142:338): avc:  denied  { search } for  pid=3624 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=481 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   32.507902][   T29] audit: type=1400 audit(1750067026.142:339): avc:  denied  { search } for  pid=3624 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   32.531036][   T29] audit: type=1400 audit(1750067026.152:340): avc:  denied  { read open } for  pid=3625 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=482 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   32.568863][ T3638] loop2: detected capacity change from 0 to 512
[   32.643243][ T3638] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   32.696667][ T3651] loop1: detected capacity change from 0 to 1024
[   32.705700][ T3638] random: crng reseeded on system resumption
[   32.718776][ T3651] EXT4-fs: Ignoring removed bh option
[   32.750769][ T3638] __nla_validate_parse: 3 callbacks suppressed
[   32.750788][ T3638] netlink: 8 bytes leftover after parsing attributes in process `syz.2.42'.
[   32.770215][ T3308] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   32.788830][ T3640] loop4: detected capacity change from 0 to 512
[   32.806180][ T3651] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   32.824023][ T3658] loop3: detected capacity change from 0 to 128
[   32.832084][ T3640] EXT4-fs: Ignoring removed orlov option
[   32.897098][ T3640] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   32.914677][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.924402][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   32.946564][ T3640] EXT4-fs (loop4): orphan cleanup on readonly fs
[   33.059329][ T3640] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.43: bg 0: block 248: padding at end of block bitmap is not set
[   33.094813][ T3683] netlink: 8 bytes leftover after parsing attributes in process `syz.0.50'.
[   33.103633][ T3640] EXT4-fs error (device loop4): ext4_acquire_dquot:6933: comm syz.4.43: Failed to acquire dquot type 1
[   33.113815][ T3685] loop2: detected capacity change from 0 to 1024
[   33.175086][ T3640] EXT4-fs (loop4): 1 truncate cleaned up
[   33.195285][ T3685] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   33.244191][ T3685] sctp: [Deprecated]: syz.2.48 (pid 3685) Use of int in max_burst socket option.
[   33.244191][ T3685] Use struct sctp_assoc_value instead
[   33.246042][ T3696] loop0: detected capacity change from 0 to 512
[   33.297945][ T3640] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   33.319183][ T3696] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   33.360879][ T3640] EXT4-fs: Ignoring removed orlov option
[   33.364360][ T3696] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   33.391000][ T3640] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   33.429875][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.439424][ T3640] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[   33.517505][ T3640] EXT4-fs error (device loop4): __ext4_remount:6736: comm syz.4.43: Abort forced by user
[   33.662257][ T3640] EXT4-fs (loop4): Remounting filesystem read-only
[   33.671494][ T3640] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[   33.765311][ T3640] ext4 filesystem being remounted at /9/bus supports timestamps until 2038-01-19 (0x7fffffff)
[   33.797419][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   33.825558][ T3640] netlink: 256 bytes leftover after parsing attributes in process `syz.4.43'.
[   33.897351][ T3740] loop2: detected capacity change from 0 to 1024
[   33.917907][ T3740] EXT4-fs: Ignoring removed orlov option
[   33.943576][ T3740] EXT4-fs (loop2): stripe (2) is not aligned with cluster size (16), stripe is disabled
[   34.007044][ T3738] netlink: 'syz.1.53': attribute type 1 has an invalid length.
[   34.013906][ T3740] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.030529][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.039771][ T3732] loop0: detected capacity change from 0 to 1024
[   34.046708][ T3732] EXT4-fs: Ignoring removed orlov option
[   34.052515][ T3732] EXT4-fs: Ignoring removed bh option
[   34.060916][ T3732] EXT4-fs: Ignoring removed bh option
[   34.069976][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.107375][   T51] kworker/u8:3: attempt to access beyond end of device
[   34.107375][   T51] loop3: rw=1, sector=153, nr_sectors = 8 limit=128
[   34.127837][   T51] kworker/u8:3: attempt to access beyond end of device
[   34.127837][   T51] loop3: rw=1, sector=169, nr_sectors = 8 limit=128
[   34.141543][   T51] kworker/u8:3: attempt to access beyond end of device
[   34.141543][   T51] loop3: rw=1, sector=185, nr_sectors = 8 limit=128
[   34.145352][ T3732] EXT4-fs (loop0): mounted filesystem 05000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   34.173144][   T51] kworker/u8:3: attempt to access beyond end of device
[   34.173144][   T51] loop3: rw=1, sector=201, nr_sectors = 8 limit=128
[   34.190212][   T51] kworker/u8:3: attempt to access beyond end of device
[   34.190212][   T51] loop3: rw=1, sector=217, nr_sectors = 8 limit=128
[   34.216723][ T3760] netlink: 8 bytes leftover after parsing attributes in process `syz.2.55'.
[   34.264434][ T3766] loop1: detected capacity change from 0 to 512
[   34.267112][ T3732] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.62: Allocating blocks 497-513 which overlap fs metadata
[   34.277417][ T3768] netlink: 16 bytes leftover after parsing attributes in process `syz.2.59'.
[   34.288126][   T51] kworker/u8:3: attempt to access beyond end of device
[   34.288126][   T51] loop3: rw=1, sector=233, nr_sectors = 8 limit=128
[   34.319476][ T3732] EXT4-fs (loop0): Remounting filesystem read-only
[   34.327748][ T3766] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.370360][   T51] kworker/u8:3: attempt to access beyond end of device
[   34.370360][   T51] loop3: rw=1, sector=249, nr_sectors = 8 limit=128
[   34.372471][ T3763] random: crng reseeded on system resumption
[   34.398025][ T3731] EXT4-fs (loop0): pa ffff888106ad4540: logic 0, phys. 257, len 16
[   34.414249][   T51] kworker/u8:3: attempt to access beyond end of device
[   34.414249][   T51] loop3: rw=1, sector=265, nr_sectors = 8 limit=128
[   34.428055][ T3766] netlink: 8 bytes leftover after parsing attributes in process `syz.1.58'.
[   34.450731][ T3773] netlink: 'syz.2.60': attribute type 1 has an invalid length.
[   34.458637][   T51] kworker/u8:3: attempt to access beyond end of device
[   34.458637][   T51] loop3: rw=1, sector=281, nr_sectors = 8 limit=128
[   34.474323][   T51] kworker/u8:3: attempt to access beyond end of device
[   34.474323][   T51] loop3: rw=1, sector=297, nr_sectors = 8 limit=128
[   34.509363][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.532213][ T3308] EXT4-fs (loop0): unmounting filesystem 05000000-0000-0000-0000-000000000000.
[   34.534532][ T3775] loop4: detected capacity change from 0 to 1024
[   34.589047][ T3775] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   34.617688][ T3775] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   34.631484][ T3782] tipc: Started in network mode
[   34.636393][ T3782] tipc: Node identity 7a400000ff7f0000403a002d00002d4, cluster identity 4711
[   34.650022][ T3782] 9pnet_fd: Insufficient options for proto=fd
[   34.659642][ T3775] FAULT_INJECTION: forcing a failure.
[   34.659642][ T3775] name failslab, interval 1, probability 0, space 0, times 1
[   34.662337][ T3789] loop3: detected capacity change from 0 to 1024
[   34.672391][ T3775] CPU: 0 UID: 0 PID: 3775 Comm: syz.4.63 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   34.672420][ T3775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   34.672432][ T3775] Call Trace:
[   34.672438][ T3775]  <TASK>
[   34.672445][ T3775]  __dump_stack+0x1d/0x30
[   34.672486][ T3775]  dump_stack_lvl+0xe8/0x140
[   34.672505][ T3775]  dump_stack+0x15/0x1b
[   34.672522][ T3775]  should_fail_ex+0x265/0x280
[   34.672631][ T3775]  should_failslab+0x8c/0xb0
[   34.672654][ T3775]  kmem_cache_alloc_noprof+0x50/0x310
[   34.672741][ T3775]  ? getname_flags+0x80/0x3b0
[   34.672762][ T3775]  ? __fget_files+0x184/0x1c0
[   34.672782][ T3775]  getname_flags+0x80/0x3b0
[   34.672816][ T3775]  path_listxattrat+0x7e/0x2a0
[   34.672841][ T3775]  __x64_sys_listxattr+0x4a/0x60
[   34.672921][ T3775]  x64_sys_call+0xfff/0x2fb0
[   34.672950][ T3775]  do_syscall_64+0xd2/0x200
[   34.672968][ T3775]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   34.672993][ T3775]  ? clear_bhb_loop+0x40/0x90
[   34.673013][ T3775]  ? clear_bhb_loop+0x40/0x90
[   34.673033][ T3775]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   34.673108][ T3775] RIP: 0033:0x7f102286e929
[   34.673124][ T3775] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   34.673142][ T3775] RSP: 002b:00007f1020ed7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c2
[   34.673162][ T3775] RAX: ffffffffffffffda RBX: 00007f1022a95fa0 RCX: 00007f102286e929
[   34.673174][ T3775] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180
[   34.673254][ T3775] RBP: 00007f1020ed7090 R08: 0000000000000000 R09: 0000000000000000
[   34.673267][ T3775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   34.673279][ T3775] R13: 0000000000000000 R14: 00007f1022a95fa0 R15: 00007ffee1543558
[   34.673296][ T3775]  </TASK>
[   34.748469][ T3782] infiniband syz0: set active
[   34.763954][ T3789] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   34.767947][ T3782] infiniband syz0: added veth0_to_team
[   34.807195][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   34.814103][ T3789] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[   34.857153][ T3793] FAULT_INJECTION: forcing a failure.
[   34.857153][ T3793] name failslab, interval 1, probability 0, space 0, times 0
[   34.862266][ T3789] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869)
[   34.865259][ T3793] CPU: 0 UID: 0 PID: 3793 Comm: syz.0.69 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   34.865288][ T3793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   34.865302][ T3793] Call Trace:
[   34.865309][ T3793]  <TASK>
[   34.865318][ T3793]  __dump_stack+0x1d/0x30
[   34.865421][ T3793]  dump_stack_lvl+0xe8/0x140
[   34.865518][ T3793]  dump_stack+0x15/0x1b
[   34.865535][ T3793]  should_fail_ex+0x265/0x280
[   34.865564][ T3793]  should_failslab+0x8c/0xb0
[   34.865586][ T3793]  __kmalloc_node_noprof+0xa9/0x410
[   34.865656][ T3793]  ? allocate_slab+0x144/0x3a0
[   34.865675][ T3793]  allocate_slab+0x144/0x3a0
[   34.865693][ T3793]  ___slab_alloc+0x3ce/0x900
[   34.865721][ T3793]  ? proc_reg_open+0x15a/0x340
[   34.865742][ T3793]  ? should_fail_ex+0xdb/0x280
[   34.865908][ T3793]  kmem_cache_alloc_noprof+0x1f0/0x310
[   34.865932][ T3793]  ? proc_reg_open+0x15a/0x340
[   34.866006][ T3793]  proc_reg_open+0x15a/0x340
[   34.866028][ T3793]  do_dentry_open+0x646/0xa20
[   34.866051][ T3793]  ? __pfx_proc_reg_open+0x10/0x10
[   34.866108][ T3793]  vfs_open+0x37/0x1e0
[   34.866131][ T3793]  path_openat+0x1c5e/0x2170
[   34.866166][ T3793]  do_filp_open+0x109/0x230
[   34.866259][ T3793]  ? __pfx_kfree_link+0x10/0x10
[   34.866306][ T3793]  do_sys_openat2+0xa6/0x110
[   34.866332][ T3793]  __x64_sys_openat+0xf2/0x120
[   34.866394][ T3793]  x64_sys_call+0x1af/0x2fb0
[   34.866414][ T3793]  do_syscall_64+0xd2/0x200
[   34.866432][ T3793]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   34.866456][ T3793]  ? clear_bhb_loop+0x40/0x90
[   34.866518][ T3793]  ? clear_bhb_loop+0x40/0x90
[   34.866539][ T3793]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   34.866560][ T3793] RIP: 0033:0x7f6c4cd6e929
[   34.866576][ T3793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   34.866593][ T3793] RSP: 002b:00007f6c4b3d7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[   34.866613][ T3793] RAX: ffffffffffffffda RBX: 00007f6c4cf95fa0 RCX: 00007f6c4cd6e929
[   34.866667][ T3793] RDX: 0000000000004000 RSI: 0000200000000080 RDI: ffffffffffffff9c
[   34.866679][ T3793] RBP: 00007f6c4b3d7090 R08: 0000000000000000 R09: 0000000000000000
[   34.866691][ T3793] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   34.866703][ T3793] R13: 0000000000000000 R14: 00007f6c4cf95fa0 R15: 00007ffc6fb5ab78
[   34.866727][ T3793]  </TASK>
[   34.921401][ T3782] RDS/IB: syz0: added
[   34.930072][ T3789] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   34.948911][ T3782] smc: adding ib device syz0 with port count 1
[   34.964796][ T3789] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   34.993332][ T3782] smc:    ib device syz0 port 1 has pnetid 
[   35.243595][ T3805] netlink: 8 bytes leftover after parsing attributes in process `syz.0.70'.
[   35.263160][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.297645][ T3807] loop1: detected capacity change from 0 to 512
[   35.309445][ T3814] loop4: detected capacity change from 0 to 512
[   35.330391][ T3812] loop0: detected capacity change from 0 to 512
[   35.336368][ T3811] loop3: detected capacity change from 0 to 1024
[   35.352710][ T3811] EXT4-fs: Ignoring removed bh option
[   35.360733][ T3812] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   35.371619][ T3807] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.376586][ T3812] random: crng reseeded on system resumption
[   35.402109][ T3807] ext4 filesystem being mounted at /15/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   35.409857][ T3814] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.425317][ T3812] netlink: 8 bytes leftover after parsing attributes in process `syz.0.73'.
[   35.425360][ T3814] ext4 filesystem being mounted at /13/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   35.448756][ T3811] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   35.502672][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.513606][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.535763][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.547615][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   35.583822][ T3824] netlink: 'syz.4.75': attribute type 1 has an invalid length.
[   35.591503][ T3824] netlink: 80 bytes leftover after parsing attributes in process `syz.4.75'.
[   35.593252][ T3825] netlink: 'syz.0.76': attribute type 1 has an invalid length.
[   35.612136][ T3828] xt_CT: You must specify a L4 protocol and not use inversions on it
[   35.636672][ T3828] loop1: detected capacity change from 0 to 1024
[   35.885995][ T3837] netlink: 'syz.0.81': attribute type 4 has an invalid length.
[   35.900414][ T3842] netlink: 8 bytes leftover after parsing attributes in process `syz.4.83'.
[   35.928868][ T3846] loop0: detected capacity change from 0 to 128
[   36.014669][ T3852] loop2: detected capacity change from 0 to 1024
[   36.026131][ T3857] loop3: detected capacity change from 0 to 512
[   36.036127][ T3852] EXT4-fs: Ignoring removed bh option
[   36.041914][ T3859] loop0: detected capacity change from 0 to 512
[   36.056137][ T3852] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.072921][ T3857] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.086910][ T3864] netlink: 'syz.4.90': attribute type 1 has an invalid length.
[   36.114127][ T3857] random: crng reseeded on system resumption
[   36.134031][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.135016][ T3868] loop4: detected capacity change from 0 to 1024
[   36.145737][ T3859] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   36.171021][ T3859] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   36.197662][ T3870] pim6reg: entered allmulticast mode
[   36.203406][ T3873] ipt_REJECT: TCP_RESET invalid for non-tcp
[   36.209555][ T3870] pim6reg: left allmulticast mode
[   36.221101][ T3868] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.237429][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.264276][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.266369][ T3877] loop2: detected capacity change from 0 to 1024
[   36.285956][ T3877] EXT4-fs: Ignoring removed nobh option
[   36.291691][ T3877] EXT4-fs: Ignoring removed bh option
[   36.301201][ T3879] netlink: 'syz.3.94': attribute type 7 has an invalid length.
[   36.308885][ T3879] netlink: 'syz.3.94': attribute type 8 has an invalid length.
[   36.323697][ T3879] loop3: detected capacity change from 0 to 1024
[   36.336220][ T3877] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.411584][ T3879] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   36.450857][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.461291][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.473268][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   36.514924][ T3892] xt_time: invalid argument - start or stop time greater than 23:59:59
[   36.548295][ T3894] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   36.725224][ T3901] loop3: detected capacity change from 0 to 1024
[   36.795055][ T3901] EXT4-fs: Ignoring removed bh option
[   36.914034][ T3901] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   37.048447][ T3913] loop2: detected capacity change from 0 to 512
[   37.108318][ T3913] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   37.136251][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.235408][ T3913] random: crng reseeded on system resumption
[   37.250066][   T29] kauditd_printk_skb: 259 callbacks suppressed
[   37.250083][   T29] audit: type=1400 audit(1750067031.052:598): avc:  denied  { mount } for  pid=3916 comm="syz.1.107" name="/" dev="ramfs" ino=6209 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   37.296969][ T3918] xt_connbytes: Forcing CT accounting to be enabled
[   37.304480][ T3920] batman_adv: batadv0: Adding interface: dummy0
[   37.310791][ T3920] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   37.346440][ T3918] Cannot find set identified by id 0 to match
[   37.392621][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   37.419356][   T29] audit: type=1400 audit(1750067031.222:599): avc:  denied  { execute } for  pid=3922 comm="syz.2.108" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=6229 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:hugetlbfs_t tclass=file permissive=1
[   37.449936][ T3920] batman_adv: batadv0: Interface activated: dummy0
[   37.497990][ T3921] hsr_slave_1 (unregistering): left promiscuous mode
[   37.509030][ T3926] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   37.558795][   T29] audit: type=1400 audit(1750067031.302:600): avc:  denied  { append } for  pid=3924 comm="syz.4.109" name="loop9" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[   37.586891][ T3920] batadv0: mtu less than device minimum
[   37.593085][ T3920] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   37.603832][ T3920] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   37.614759][ T3920] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   37.625574][ T3920] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   37.636391][ T3920] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   37.647297][ T3920] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   37.658001][ T3920] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   37.668844][ T3920] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   37.679729][ T3920] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[   37.752779][ T3932] Cannot find add_set index 0 as target
[   37.788119][   T29] audit: type=1400 audit(1750067031.592:601): avc:  denied  { create } for  pid=3931 comm="syz.2.111" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   37.808911][   T29] audit: type=1400 audit(1750067031.592:602): avc:  denied  { mounton } for  pid=3931 comm="syz.2.111" path="/27/file0" dev="tmpfs" ino=168 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[   37.879111][ T3941] loop1: detected capacity change from 0 to 2048
[   37.909573][   T29] audit: type=1400 audit(1750067031.702:603): avc:  denied  { sys_module } for  pid=3934 comm="" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   37.958009][ T3941] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[   38.013566][   T29] audit: type=1400 audit(1750067031.812:604): avc:  denied  { create } for  pid=3950 comm="syz.4.115" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   38.033882][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[   38.049268][ T3955] loop2: detected capacity change from 0 to 1024
[   38.066095][ T3955] EXT4-fs: Ignoring removed bh option
[   38.074781][   T29] audit: type=1400 audit(1750067031.862:605): avc:  denied  { getopt } for  pid=3952 comm="syz.0.116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   38.094208][   T29] audit: type=1400 audit(1750067031.862:606): avc:  denied  { connect } for  pid=3952 comm="syz.0.116" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   38.113662][   T29] audit: type=1400 audit(1750067031.862:607): avc:  denied  { name_connect } for  pid=3952 comm="syz.0.116" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=sctp_socket permissive=1
[   38.154049][ T3955] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   38.172534][ T3959] loop1: detected capacity change from 0 to 1024
[   38.189583][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.221855][ T3959] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.389844][ T3976] __nla_validate_parse: 7 callbacks suppressed
[   38.389862][ T3976] netlink: 8 bytes leftover after parsing attributes in process `syz.2.123'.
[   38.416704][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.483137][ T3982] netlink: 'syz.2.126': attribute type 2 has an invalid length.
[   38.488196][ T3984] loop1: detected capacity change from 0 to 512
[   38.514039][ T3984] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   38.538584][ T3984] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   38.566657][ T3992] loop3: detected capacity change from 0 to 128
[   38.579015][ T3994] loop2: detected capacity change from 0 to 512
[   38.592629][ T3994] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   38.649184][ T3994] random: crng reseeded on system resumption
[   38.680457][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.703906][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   38.740483][ T3999] netlink: 68 bytes leftover after parsing attributes in process `syz.1.132'.
[   38.749409][ T3999] netlink: 68 bytes leftover after parsing attributes in process `syz.1.132'.
[   38.824544][ T4009] netlink: 'syz.2.136': attribute type 1 has an invalid length.
[   38.827438][ T4011] netlink: 80 bytes leftover after parsing attributes in process `syz.1.137'.
[   38.832486][ T4009] netlink: 80 bytes leftover after parsing attributes in process `syz.2.136'.
[   38.848279][ T4007] loop3: detected capacity change from 0 to 1024
[   39.040744][ T4007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.076769][ T4026] loop1: detected capacity change from 0 to 512
[   39.108761][ T4025] loop2: detected capacity change from 0 to 1024
[   39.121784][ T4025] EXT4-fs: Ignoring removed bh option
[   39.133665][ T4026] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.159405][ T4026] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   39.170870][ T4028] loop0: detected capacity change from 0 to 512
[   39.200721][ T4025] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.224367][ T4036] loop4: detected capacity change from 0 to 1024
[   39.231228][ T4036] EXT4-fs: Ignoring removed orlov option
[   39.236918][ T4036] EXT4-fs: Ignoring removed bh option
[   39.242513][ T4036] EXT4-fs: Ignoring removed bh option
[   39.255559][ T4028] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   39.330612][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.336808][ T4028] random: crng reseeded on system resumption
[   39.347623][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.360572][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.372225][ T4036] EXT4-fs (loop4): mounted filesystem 05000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.428342][ T4036] EXT4-fs (loop4): unmounting filesystem 05000000-0000-0000-0000-000000000000.
[   39.444419][ T4043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.147'.
[   39.454200][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.471620][ T4043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.147'.
[   39.506065][ T4043] netlink: 12 bytes leftover after parsing attributes in process `syz.1.147'.
[   39.536428][ T4050] loop2: detected capacity change from 0 to 512
[   39.558324][ T4052] validate_nla: 1 callbacks suppressed
[   39.558338][ T4052] netlink: 'syz.4.151': attribute type 1 has an invalid length.
[   39.571600][ T4052] netlink: 80 bytes leftover after parsing attributes in process `syz.4.151'.
[   39.602076][ T4050] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.150: Invalid inode bitmap blk 4 in block_group 0
[   39.646674][ T4059] FAULT_INJECTION: forcing a failure.
[   39.646674][ T4059] name failslab, interval 1, probability 0, space 0, times 0
[   39.659369][ T4059] CPU: 0 UID: 0 PID: 4059 Comm: syz.1.153 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   39.659426][ T4059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   39.659440][ T4059] Call Trace:
[   39.659447][ T4059]  <TASK>
[   39.659457][ T4059]  __dump_stack+0x1d/0x30
[   39.659480][ T4059]  dump_stack_lvl+0xe8/0x140
[   39.659501][ T4059]  dump_stack+0x15/0x1b
[   39.659591][ T4059]  should_fail_ex+0x265/0x280
[   39.659617][ T4059]  ? __pfx_cond_bools_destroy+0x10/0x10
[   39.659643][ T4059]  should_failslab+0x8c/0xb0
[   39.659670][ T4059]  kmem_cache_alloc_noprof+0x50/0x310
[   39.659705][ T4059]  ? hashtab_duplicate+0xfe/0x360
[   39.659727][ T4059]  ? __pfx_cond_bools_destroy+0x10/0x10
[   39.659751][ T4059]  hashtab_duplicate+0xfe/0x360
[   39.659770][ T4059]  ? __pfx_cond_bools_copy+0x10/0x10
[   39.659935][ T4059]  cond_policydb_dup+0xd2/0x4e0
[   39.659969][ T4059]  security_set_bools+0xa0/0x340
[   39.660064][ T4059]  sel_commit_bools_write+0x1ea/0x270
[   39.660118][ T4059]  vfs_writev+0x403/0x8b0
[   39.660144][ T4059]  ? __pfx_sel_commit_bools_write+0x10/0x10
[   39.660178][ T4059]  ? mutex_lock+0xd/0x30
[   39.660361][ T4059]  do_writev+0xe7/0x210
[   39.660383][ T4059]  __x64_sys_writev+0x45/0x50
[   39.660406][ T4059]  x64_sys_call+0x2006/0x2fb0
[   39.660430][ T4059]  do_syscall_64+0xd2/0x200
[   39.660450][ T4059]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   39.660499][ T4059]  ? clear_bhb_loop+0x40/0x90
[   39.660518][ T4059]  ? clear_bhb_loop+0x40/0x90
[   39.660595][ T4059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   39.660617][ T4059] RIP: 0033:0x7f445015e929
[   39.660635][ T4059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   39.660655][ T4059] RSP: 002b:00007f444e7c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[   39.660679][ T4059] RAX: ffffffffffffffda RBX: 00007f4450385fa0 RCX: 00007f445015e929
[   39.660691][ T4059] RDX: 0000000000000001 RSI: 00002000000025c0 RDI: 0000000000000004
[   39.660702][ T4059] RBP: 00007f444e7c7090 R08: 0000000000000000 R09: 0000000000000000
[   39.660713][ T4059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   39.660726][ T4059] R13: 0000000000000000 R14: 00007f4450385fa0 R15: 00007fff6a99e638
[   39.660746][ T4059]  </TASK>
[   39.753235][ T4060] loop3: detected capacity change from 0 to 512
[   39.765061][ T4050] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   39.825079][ T4062] netlink: 8 bytes leftover after parsing attributes in process `syz.1.155'.
[   39.838620][ T4050] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   39.931281][ T4060] EXT4-fs (loop3): too many log groups per flexible block group
[   39.938990][ T4060] EXT4-fs (loop3): failed to initialize mballoc (-12)
[   39.955018][ T4060] EXT4-fs (loop3): mount failed
[   39.967306][ T4066] loop4: detected capacity change from 0 to 1024
[   39.979689][ T4050] batadv_slave_0: entered promiscuous mode
[   39.986027][ T4050] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   39.998054][ T4050] batadv_slave_0 (unregistering): left promiscuous mode
[   40.008363][ T4050] batman_adv: batadv0: Removing interface: batadv_slave_0
[   40.013833][ T4062] loop1: detected capacity change from 0 to 1024
[   40.016267][ T4066] EXT4-fs: Ignoring removed bh option
[   40.078772][ T4066] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.108375][ T4062] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.125628][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.143454][ T4076] loop2: detected capacity change from 0 to 512
[   40.188487][ T4078] loop4: detected capacity change from 0 to 512
[   40.204029][ T4076] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.217689][ T4076] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   40.229126][ T3305] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.246466][ T4078] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.247707][ T4082] loop3: detected capacity change from 0 to 1024
[   40.269352][ T4078] random: crng reseeded on system resumption
[   40.292143][ T3312] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.318214][ T4082] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.369067][ T3306] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.477632][ T4093] loop2: detected capacity change from 0 to 1024
[   40.484930][ T4093] EXT4-fs: Ignoring removed orlov option
[   40.490703][ T4093] EXT4-fs: Ignoring removed bh option
[   40.496809][ T3310] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.508872][ T4093] EXT4-fs: Ignoring removed bh option
[   40.558278][ T4108] loop3: detected capacity change from 0 to 2048
[   40.587545][ T4093] EXT4-fs (loop2): mounted filesystem 05000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.602605][ T4110] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   40.609836][ T4110] IPv6: NLM_F_CREATE should be set when creating new route
[   40.642729][ T4093] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4113: comm syz.2.162: Allocating blocks 497-513 which overlap fs metadata
[   40.665717][ T4117] loop0: detected capacity change from 0 to 512
[   40.675299][ T4093] EXT4-fs (loop2): Remounting filesystem read-only
[   40.683138][ T4092] EXT4-fs (loop2): pa ffff8881069bd150: logic 0, phys. 257, len 16
[   40.692957][ T4108] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.718008][ T3312] EXT4-fs (loop2): unmounting filesystem 05000000-0000-0000-0000-000000000000.
[   40.728371][ T4117] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   40.741977][ T4117] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   40.798454][ T3308] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   40.848280][ T4130] loop0: detected capacity change from 0 to 512
[   40.884348][ T4130] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   40.887406][ T4136] loop2: detected capacity change from 0 to 1024
[   40.906101][ T4130] random: crng reseeded on system resumption
[   41.012898][ T4143] FAULT_INJECTION: forcing a failure.
[   41.012898][ T4143] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   41.026037][ T4143] CPU: 1 UID: 0 PID: 4143 Comm: syz.4.177 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   41.026065][ T4143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   41.026076][ T4143] Call Trace:
[   41.026082][ T4143]  <TASK>
[   41.026120][ T4143]  __dump_stack+0x1d/0x30
[   41.026144][ T4143]  dump_stack_lvl+0xe8/0x140
[   41.026167][ T4143]  dump_stack+0x15/0x1b
[   41.026250][ T4143]  should_fail_ex+0x265/0x280
[   41.026286][ T4143]  should_fail+0xb/0x20
[   41.026317][ T4143]  should_fail_usercopy+0x1a/0x20
[   41.026454][ T4143]  copy_folio_from_iter_atomic+0x278/0x1170
[   41.026483][ T4143]  ? shmem_write_begin+0xa8/0x190
[   41.026628][ T4143]  ? shmem_write_begin+0xe1/0x190
[   41.026656][ T4143]  generic_perform_write+0x2c2/0x490
[   41.026684][ T4143]  shmem_file_write_iter+0xc5/0xf0
[   41.026781][ T4143]  ? __pfx_shmem_file_write_iter+0x10/0x10
[   41.026851][ T4143]  vfs_write+0x4a0/0x8e0
[   41.026889][ T4143]  ksys_write+0xda/0x1a0
[   41.026905][ T4143]  __x64_sys_write+0x40/0x50
[   41.026921][ T4143]  x64_sys_call+0x2cdd/0x2fb0
[   41.026965][ T4143]  do_syscall_64+0xd2/0x200
[   41.026986][ T4143]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   41.027011][ T4143]  ? clear_bhb_loop+0x40/0x90
[   41.027038][ T4143]  ? clear_bhb_loop+0x40/0x90
[   41.027058][ T4143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.027078][ T4143] RIP: 0033:0x7f102286e929
[   41.027093][ T4143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.027156][ T4143] RSP: 002b:00007f1020e95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   41.027175][ T4143] RAX: ffffffffffffffda RBX: 00007f1022a96160 RCX: 00007f102286e929
[   41.027188][ T4143] RDX: 000000000208e24b RSI: 0000200000000240 RDI: 000000000000000b
[   41.027203][ T4143] RBP: 00007f1020e95090 R08: 0000000000000000 R09: 0000000000000000
[   41.027217][ T4143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   41.027250][ T4143] R13: 0000000000000000 R14: 00007f1022a96160 R15: 00007ffee1543558
[   41.027265][ T4143]  </TASK>
[   41.485793][ T4136] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   41.900823][ T4147] FAULT_INJECTION: forcing a failure.
[   41.900823][ T4147] name failslab, interval 1, probability 0, space 0, times 0
[   41.913501][ T4147] CPU: 0 UID: 0 PID: 4147 Comm: syz.0.179 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   41.913534][ T4147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   41.913544][ T4147] Call Trace:
[   41.913551][ T4147]  <TASK>
[   41.913558][ T4147]  __dump_stack+0x1d/0x30
[   41.913615][ T4147]  dump_stack_lvl+0xe8/0x140
[   41.913714][ T4147]  dump_stack+0x15/0x1b
[   41.913729][ T4147]  should_fail_ex+0x265/0x280
[   41.913764][ T4147]  should_failslab+0x8c/0xb0
[   41.913790][ T4147]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   41.913852][ T4147]  ? key_alloc+0x2b8/0x9a0
[   41.913963][ T4147]  kmemdup_noprof+0x2b/0x70
[   41.913986][ T4147]  key_alloc+0x2b8/0x9a0
[   41.914074][ T4147]  keyring_alloc+0x45/0xb0
[   41.914104][ T4147]  lookup_user_key+0x35f/0xd10
[   41.914140][ T4147]  ? __pfx_lookup_user_key_possessed+0x10/0x10
[   41.914234][ T4147]  __se_sys_request_key+0x174/0x290
[   41.914262][ T4147]  ? fput+0x8f/0xc0
[   41.914289][ T4147]  __x64_sys_request_key+0x55/0x70
[   41.914317][ T4147]  x64_sys_call+0x2f19/0x2fb0
[   41.914342][ T4147]  do_syscall_64+0xd2/0x200
[   41.914359][ T4147]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   41.914400][ T4147]  ? clear_bhb_loop+0x40/0x90
[   41.914455][ T4147]  ? clear_bhb_loop+0x40/0x90
[   41.914538][ T4147]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   41.914557][ T4147] RIP: 0033:0x7f6c4cd6e929
[   41.914572][ T4147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   41.914588][ T4147] RSP: 002b:00007f6c4b3d7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000f9
[   41.914669][ T4147] RAX: ffffffffffffffda RBX: 00007f6c4cf95fa0 RCX: 00007f6c4cd6e929
[   41.914684][ T4147] RDX: 0000200000000140 RSI: 0000200000000080 RDI: 0000200000000040
[   41.914697][ T4147] RBP: 00007f6c4b3d7090 R08: 0000000000000000 R09: 0000000000000000
[   41.914712][ T4147] R10: fffffffffffffffe R11: 0000000000000246 R12: 0000000000000001
[   41.914726][ T4147] R13: 0000000000000000 R14: 00007f6c4cf95fa0 R15: 00007ffc6fb5ab78
[   41.914746][ T4147]  </TASK>
[   42.269971][ T4165] loop3: detected capacity change from 0 to 512
[   42.284958][ T4151] FAULT_INJECTION: forcing a failure.
[   42.284958][ T4151] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   42.299623][ T4151] CPU: 0 UID: 0 PID: 4151 Comm: syz.2.182 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   42.299652][ T4151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   42.299666][ T4151] Call Trace:
[   42.299673][ T4151]  <TASK>
[   42.299680][ T4151]  __dump_stack+0x1d/0x30
[   42.299704][ T4151]  dump_stack_lvl+0xe8/0x140
[   42.299732][ T4151]  dump_stack+0x15/0x1b
[   42.299822][ T4151]  should_fail_ex+0x265/0x280
[   42.299852][ T4151]  should_fail_alloc_page+0xf2/0x100
[   42.299943][ T4151]  __alloc_frozen_pages_noprof+0xff/0x360
[   42.300091][ T4151]  alloc_pages_mpol+0xb3/0x250
[   42.300118][ T4151]  vma_alloc_folio_noprof+0x1aa/0x300
[   42.300171][ T4151]  handle_mm_fault+0xec2/0x2be0
[   42.300196][ T4151]  ? __rcu_read_lock+0x37/0x50
[   42.300235][ T4151]  __get_user_pages+0x1036/0x1fb0
[   42.300261][ T4151]  __gup_longterm_locked+0x9c9/0x1010
[   42.300281][ T4151]  ? sysvec_apic_timer_interrupt+0x44/0x80
[   42.300327][ T4151]  ? mm_access+0x25/0x1d0
[   42.300355][ T4151]  pin_user_pages_remote+0x7e/0xb0
[   42.300380][ T4151]  process_vm_rw+0x484/0x950
[   42.300442][ T4151]  __x64_sys_process_vm_writev+0x78/0x90
[   42.300474][ T4151]  x64_sys_call+0xe80/0x2fb0
[   42.300508][ T4151]  do_syscall_64+0xd2/0x200
[   42.300597][ T4151]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   42.300623][ T4151]  ? clear_bhb_loop+0x40/0x90
[   42.300645][ T4151]  ? clear_bhb_loop+0x40/0x90
[   42.300741][ T4151]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.300813][ T4151] RIP: 0033:0x7f96ab9ae929
[   42.300829][ T4151] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   42.300844][ T4151] RSP: 002b:00007f96aa017038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[   42.300863][ T4151] RAX: ffffffffffffffda RBX: 00007f96abbd5fa0 RCX: 00007f96ab9ae929
[   42.300877][ T4151] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 000000000000006b
[   42.300892][ T4151] RBP: 00007f96aa017090 R08: 000000000000023a R09: 0000000000000000
[   42.300906][ T4151] R10: 0000200000121000 R11: 0000000000000246 R12: 0000000000000002
[   42.300944][ T4151] R13: 0000000000000000 R14: 00007f96abbd5fa0 R15: 00007ffc6a771b18
[   42.300960][ T4151]  </TASK>
[   42.592997][ T4165] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   42.607595][ T4171] random: crng reseeded on system resumption
[   42.676586][ T4174] mmap: syz.2.189 (4174) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   42.692873][ T4173] loop2: detected capacity change from 0 to 1024
[   42.782701][ T4175] loop2: detected capacity change from 0 to 1024
[   42.814521][ T4175] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[   42.847416][ T4175] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   42.867788][ T4175] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c840e02c, mo2=0000]
[   42.881053][ T4175] EXT4-fs error (device loop2): ext4_map_blocks:780: inode #3: block 2: comm syz.2.189: lblock 2 mapped to illegal pblock 2 (length 1)
[   42.887527][   T29] kauditd_printk_skb: 203 callbacks suppressed
[   42.887543][   T29] audit: type=1400 audit(1750067035.982:811): avc:  denied  { module_load } for  pid=4156 comm="syz.1.183" path="/sys/kernel/crash_elfcorehdr_size" dev="sysfs" ino=207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=system permissive=1
[   42.926241][   T29] audit: type=1400 audit(1750067036.012:812): avc:  denied  { shutdown } for  pid=4158 comm="syz.3.184" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   42.945821][   T29] audit: type=1326 audit(1750067036.432:813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4164 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108b17e929 code=0x7ffc0000
[   42.960330][ T4175] EXT4-fs (loop2): Remounting filesystem read-only
[   42.969091][   T29] audit: type=1326 audit(1750067036.432:814): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4164 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f108b17e929 code=0x7ffc0000
[   42.975691][ T4175] Quota error (device loop2): qtree_write_dquot: dquota write failed
[   42.999133][   T29] audit: type=1326 audit(1750067036.432:815): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4164 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108b17e929 code=0x7ffc0000
[   43.012420][ T4184] loop3: detected capacity change from 0 to 2048
[   43.030444][   T29] audit: type=1326 audit(1750067036.432:816): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4164 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f108b17e929 code=0x7ffc0000
[   43.060229][   T29] audit: type=1326 audit(1750067036.432:817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4164 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f108b17e929 code=0x7ffc0000
[   43.083528][   T29] audit: type=1326 audit(1750067036.432:818): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4164 comm="syz.3.186" exe="/root/syz-executor" sig=0 arch=c000003e syscall=98 compat=0 ip=0x7f108b17e929 code=0x7ffc0000
[   43.085350][ T4175] Quota error (device loop2): v2_write_file_info: Can't write info structure
[   43.116556][ T4175] EXT4-fs (loop2): 1 orphan inode deleted
[   43.134077][ T4186] loop4: detected capacity change from 0 to 2048
[   43.154369][ T3369] hid-generic 0000:0000:8000.0001: unknown main item tag 0x0
[   43.162923][ T3369] hid-generic 0000:0000:8000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   43.177742][ T4186] FAULT_INJECTION: forcing a failure.
[   43.177742][ T4186] name failslab, interval 1, probability 0, space 0, times 0
[   43.190518][ T4186] CPU: 0 UID: 0 PID: 4186 Comm: syz.4.192 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   43.190600][ T4186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   43.190613][ T4186] Call Trace:
[   43.190654][ T4186]  <TASK>
[   43.190742][ T4186]  __dump_stack+0x1d/0x30
[   43.190766][ T4186]  dump_stack_lvl+0xe8/0x140
[   43.190786][ T4186]  dump_stack+0x15/0x1b
[   43.190805][ T4186]  should_fail_ex+0x265/0x280
[   43.190865][ T4186]  should_failslab+0x8c/0xb0
[   43.190890][ T4186]  __kmalloc_noprof+0xa5/0x3e0
[   43.190928][ T4186]  ? ___neigh_create+0x4c9/0x1290
[   43.190954][ T4186]  ___neigh_create+0x4c9/0x1290
[   43.190977][ T4186]  ? ipt_do_table+0x9fb/0xab0
[   43.191016][ T4186]  ? netlbl_enabled+0x25/0x40
[   43.191064][ T4186]  ? selinux_ip_postroute+0x1b7/0xb50
[   43.191099][ T4186]  __neigh_create+0x54/0x70
[   43.191120][ T4186]  ip_neigh_gw4+0x12e/0x170
[   43.191149][ T4186]  ip_finish_output2+0x857/0x8b0
[   43.191174][ T4186]  ? __rcu_read_unlock+0x4f/0x70
[   43.191220][ T4186]  ip_finish_output+0x112/0x290
[   43.191244][ T4186]  ip_output+0xad/0x170
[   43.191301][ T4186]  ? __pfx_ip_finish_output+0x10/0x10
[   43.191326][ T4186]  ? __pfx_ip_output+0x10/0x10
[   43.191349][ T4186]  ip_send_skb+0x11d/0x140
[   43.191374][ T4186]  udp_send_skb+0x6e3/0xa40
[   43.191395][ T4186]  ? ip_make_skb+0x197/0x2c0
[   43.191504][ T4186]  udp_sendmsg+0x1050/0x13b0
[   43.191542][ T4186]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   43.191623][ T4186]  ? __pfx_udp_sendmsg+0x10/0x10
[   43.191645][ T4186]  inet_sendmsg+0xac/0xd0
[   43.191662][ T4186]  __sock_sendmsg+0x102/0x180
[   43.191688][ T4186]  ____sys_sendmsg+0x345/0x4e0
[   43.191801][ T4186]  ___sys_sendmsg+0x17b/0x1d0
[   43.191819][ T4186]  ? perf_callchain_user+0xae0/0xb50
[   43.191890][ T4186]  __sys_sendmmsg+0x178/0x300
[   43.191976][ T4186]  __x64_sys_sendmmsg+0x57/0x70
[   43.191996][ T4186]  x64_sys_call+0x2f2f/0x2fb0
[   43.192023][ T4186]  do_syscall_64+0xd2/0x200
[   43.192149][ T4186]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   43.192208][ T4186]  ? clear_bhb_loop+0x40/0x90
[   43.192227][ T4186]  ? clear_bhb_loop+0x40/0x90
[   43.192249][ T4186]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   43.192286][ T4186] RIP: 0033:0x7f102286e929
[   43.192303][ T4186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   43.192335][ T4186] RSP: 002b:00007f1020ed7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   43.192428][ T4186] RAX: ffffffffffffffda RBX: 00007f1022a95fa0 RCX: 00007f102286e929
[   43.192444][ T4186] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000008
[   43.192457][ T4186] RBP: 00007f1020ed7090 R08: 0000000000000000 R09: 0000000000000000
[   43.192470][ T4186] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   43.192507][ T4186] R13: 0000000000000000 R14: 00007f1022a95fa0 R15: 00007ffee1543558
[   43.192526][ T4186]  </TASK>
[   43.195524][ T4173] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[   43.539534][ T4198] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[   43.546093][ T4198] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   43.553732][ T4198] vhci_hcd vhci_hcd.0: Device attached
[   43.580896][ T4199] vhci_hcd: connection closed
[   43.581076][  T387] vhci_hcd: stop threads
[   43.590075][  T387] vhci_hcd: release socket
[   43.594604][  T387] vhci_hcd: disconnect device
[   43.715430][ T4207] __nla_validate_parse: 5 callbacks suppressed
[   43.715447][ T4207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.199'.
[   43.729903][ T4209] netlink: 'syz.0.200': attribute type 1 has an invalid length.
[   43.738293][ T4209] netlink: 80 bytes leftover after parsing attributes in process `syz.0.200'.
[   43.783218][ T4211] loop4: detected capacity change from 0 to 512
[   43.815990][ T4211] ext4 filesystem being mounted at /35/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   43.866651][ T4220] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=19 sclass=netlink_tcpdiag_socket pid=4220 comm=syz.0.203
[   43.899958][ T4223] netlink: 4 bytes leftover after parsing attributes in process `syz.0.205'.
[   43.937228][ T4223] netlink: 4 bytes leftover after parsing attributes in process `syz.0.205'.
[   43.956595][ T4227] netlink: 16 bytes leftover after parsing attributes in process `syz.4.204'.
[   43.965581][ T4227] netlink: 20 bytes leftover after parsing attributes in process `syz.4.204'.
[   44.038970][ T4239] tmpfs: Bad value for 'mpol'
[   44.047128][ T4238] loop4: detected capacity change from 0 to 256
[   44.058238][ T4238] FAT-fs (loop4): bogus logical sector size 2238
[   44.064685][ T4238] FAT-fs (loop4): Can't find a valid FAT filesystem
[   44.072327][ T4238] netlink: 8 bytes leftover after parsing attributes in process `syz.4.209'.
[   44.135612][ T4246] netlink: 8 bytes leftover after parsing attributes in process `syz.1.212'.
[   44.172417][ T4248] loop0: detected capacity change from 0 to 512
[   44.192266][ T4248] ext4 filesystem being mounted at /38/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.232104][ T4256] netlink: 'syz.0.215': attribute type 1 has an invalid length.
[   44.239813][ T4256] netlink: 80 bytes leftover after parsing attributes in process `syz.0.215'.
[   44.460042][ T4269] loop0: detected capacity change from 0 to 512
[   44.467530][ T4269] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   44.479249][ T4269] EXT4-fs (loop0): 1 truncate cleaned up
[   44.673414][ T4276] loop2: detected capacity change from 0 to 2048
[   44.707290][ T4276] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   44.790315][ T4281] FAULT_INJECTION: forcing a failure.
[   44.790315][ T4281] name failslab, interval 1, probability 0, space 0, times 0
[   44.802982][ T4281] CPU: 1 UID: 0 PID: 4281 Comm: syz.3.222 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   44.803015][ T4281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   44.803050][ T4281] Call Trace:
[   44.803056][ T4281]  <TASK>
[   44.803133][ T4281]  __dump_stack+0x1d/0x30
[   44.803223][ T4281]  dump_stack_lvl+0xe8/0x140
[   44.803275][ T4281]  dump_stack+0x15/0x1b
[   44.803290][ T4281]  should_fail_ex+0x265/0x280
[   44.803318][ T4281]  should_failslab+0x8c/0xb0
[   44.803392][ T4281]  __kmalloc_node_noprof+0xa9/0x410
[   44.803422][ T4281]  ? alloc_slab_obj_exts+0x31/0x80
[   44.803495][ T4281]  alloc_slab_obj_exts+0x31/0x80
[   44.803521][ T4281]  __memcg_slab_post_alloc_hook+0x23f/0x580
[   44.803555][ T4281]  kmem_cache_alloc_noprof+0x220/0x310
[   44.803577][ T4281]  ? dst_alloc+0xbd/0x100
[   44.803685][ T4281]  ? __pfx_ip6_dst_gc+0x10/0x10
[   44.803744][ T4281]  dst_alloc+0xbd/0x100
[   44.803777][ T4281]  ip6_pol_route+0x6bf/0xb40
[   44.803811][ T4281]  ? ip6_pol_route+0x389/0xb40
[   44.803888][ T4281]  ip6_pol_route_input+0x42/0x60
[   44.803909][ T4281]  ? __pfx_ip6_pol_route_input+0x10/0x10
[   44.803940][ T4281]  fib6_rule_lookup+0x32c/0x470
[   44.803962][ T4281]  ? __pfx_ip6_pol_route_input+0x10/0x10
[   44.804020][ T4281]  ip6_route_input+0x412/0x4e0
[   44.804044][ T4281]  ip6_rcv_finish+0x1c1/0x330
[   44.804073][ T4281]  ipv6_rcv+0x72/0x150
[   44.804100][ T4281]  ? __pfx_ip6_rcv_finish+0x10/0x10
[   44.804136][ T4281]  __netif_receive_skb+0x9e/0x270
[   44.804161][ T4281]  ? tun_rx_batched+0xc7/0x430
[   44.804189][ T4281]  netif_receive_skb+0x4b/0x2e0
[   44.804207][ T4281]  ? tun_rx_batched+0xc7/0x430
[   44.804284][ T4281]  tun_rx_batched+0xfc/0x430
[   44.804348][ T4281]  tun_get_user+0x1e5a/0x2500
[   44.804374][ T4281]  ? ref_tracker_alloc+0x1f2/0x2f0
[   44.804475][ T4281]  tun_chr_write_iter+0x15e/0x210
[   44.804498][ T4281]  ? __pfx_tun_chr_write_iter+0x10/0x10
[   44.804522][ T4281]  vfs_write+0x4a0/0x8e0
[   44.804590][ T4281]  ksys_write+0xda/0x1a0
[   44.804611][ T4281]  __x64_sys_write+0x40/0x50
[   44.804631][ T4281]  x64_sys_call+0x2cdd/0x2fb0
[   44.804654][ T4281]  do_syscall_64+0xd2/0x200
[   44.804673][ T4281]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   44.804777][ T4281]  ? clear_bhb_loop+0x40/0x90
[   44.804801][ T4281]  ? clear_bhb_loop+0x40/0x90
[   44.804825][ T4281]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   44.804871][ T4281] RIP: 0033:0x7f108b17d3df
[   44.804886][ T4281] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   44.804902][ T4281] RSP: 002b:00007f10897e7000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   44.805013][ T4281] RAX: ffffffffffffffda RBX: 00007f108b3a5fa0 RCX: 00007f108b17d3df
[   44.805026][ T4281] RDX: 0000000000000042 RSI: 0000200000000880 RDI: 00000000000000c8
[   44.805038][ T4281] RBP: 00007f10897e7090 R08: 0000000000000000 R09: 0000000000000000
[   44.805050][ T4281] R10: 0000000000000042 R11: 0000000000000293 R12: 0000000000000001
[   44.805062][ T4281] R13: 0000000000000000 R14: 00007f108b3a5fa0 R15: 00007ffd5b9b7038
[   44.805083][ T4281]  </TASK>
[   45.137178][ T4282] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.221: bg 0: block 345: padding at end of block bitmap is not set
[   45.186722][ T4288] FAULT_INJECTION: forcing a failure.
[   45.186722][ T4288] name failslab, interval 1, probability 0, space 0, times 0
[   45.189293][ T4293] loop3: detected capacity change from 0 to 512
[   45.199508][ T4288] CPU: 1 UID: 0 PID: 4288 Comm: syz.1.225 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   45.199552][ T4288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   45.199633][ T4288] Call Trace:
[   45.199639][ T4288]  <TASK>
[   45.199646][ T4288]  __dump_stack+0x1d/0x30
[   45.199669][ T4288]  dump_stack_lvl+0xe8/0x140
[   45.199687][ T4288]  dump_stack+0x15/0x1b
[   45.199704][ T4288]  should_fail_ex+0x265/0x280
[   45.199800][ T4288]  should_failslab+0x8c/0xb0
[   45.199824][ T4288]  kmem_cache_alloc_noprof+0x50/0x310
[   45.199873][ T4288]  ? skb_clone+0x151/0x1f0
[   45.199894][ T4288]  skb_clone+0x151/0x1f0
[   45.199912][ T4288]  __skb_tstamp_tx+0x2fc/0x710
[   45.200001][ T4288]  __dev_queue_xmit+0x13a7/0x1fb0
[   45.200052][ T4288]  ? ipt_do_table+0x9fb/0xab0
[   45.200080][ T4288]  ? selinux_ip_postroute+0x1b7/0xb50
[   45.200114][ T4288]  ? ip_neigh_gw4+0x15a/0x170
[   45.200164][ T4288]  ip_finish_output2+0x77f/0x8b0
[   45.200188][ T4288]  ? __rcu_read_unlock+0x4f/0x70
[   45.200211][ T4288]  ip_finish_output+0x112/0x290
[   45.200234][ T4288]  ip_output+0xad/0x170
[   45.200262][ T4288]  ? __pfx_ip_finish_output+0x10/0x10
[   45.200417][ T4288]  ? __pfx_ip_output+0x10/0x10
[   45.200514][ T4288]  ip_send_skb+0x11d/0x140
[   45.200537][ T4288]  udp_send_skb+0x6e3/0xa40
[   45.200562][ T4288]  udp_sendmsg+0x1050/0x13b0
[   45.200585][ T4288]  ? __pfx_ip_generic_getfrag+0x10/0x10
[   45.200616][ T4288]  ? __pfx_udp_sendmsg+0x10/0x10
[   45.200702][ T4288]  inet_sendmsg+0xac/0xd0
[   45.200720][ T4288]  __sock_sendmsg+0x102/0x180
[   45.200799][ T4288]  ____sys_sendmsg+0x345/0x4e0
[   45.200831][ T4288]  ___sys_sendmsg+0x17b/0x1d0
[   45.200874][ T4288]  __sys_sendmmsg+0x178/0x300
[   45.200900][ T4288]  __x64_sys_sendmmsg+0x57/0x70
[   45.200919][ T4288]  x64_sys_call+0x2f2f/0x2fb0
[   45.200959][ T4288]  do_syscall_64+0xd2/0x200
[   45.200977][ T4288]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   45.201001][ T4288]  ? clear_bhb_loop+0x40/0x90
[   45.201021][ T4288]  ? clear_bhb_loop+0x40/0x90
[   45.201041][ T4288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.201135][ T4288] RIP: 0033:0x7f445015e929
[   45.201151][ T4288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.201168][ T4288] RSP: 002b:00007f444e7c7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[   45.201188][ T4288] RAX: ffffffffffffffda RBX: 00007f4450385fa0 RCX: 00007f445015e929
[   45.201201][ T4288] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000004
[   45.201213][ T4288] RBP: 00007f444e7c7090 R08: 0000000000000000 R09: 0000000000000000
[   45.201273][ T4288] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   45.201285][ T4288] R13: 0000000000000000 R14: 00007f4450385fa0 R15: 00007fff6a99e638
[   45.201303][ T4288]  </TASK>
[   45.256886][   T12] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 16 with max blocks 2048 with error 117
[   45.497264][   T12] EXT4-fs (loop2): This should not happen!! Data will be lost
[   45.497264][   T12] 
[   45.530310][ T4293] ext4 filesystem being mounted at /39/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   45.536097][ T4298] netlink: 'syz.4.227': attribute type 1 has an invalid length.
[   45.548509][ T4298] netlink: 80 bytes leftover after parsing attributes in process `syz.4.227'.
[   45.621695][ T4302] FAULT_INJECTION: forcing a failure.
[   45.621695][ T4302] name failslab, interval 1, probability 0, space 0, times 0
[   45.634508][ T4302] CPU: 1 UID: 0 PID: 4302 Comm: syz.3.229 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   45.634665][ T4302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   45.634675][ T4302] Call Trace:
[   45.634681][ T4302]  <TASK>
[   45.634688][ T4302]  __dump_stack+0x1d/0x30
[   45.634708][ T4302]  dump_stack_lvl+0xe8/0x140
[   45.634778][ T4302]  dump_stack+0x15/0x1b
[   45.634793][ T4302]  should_fail_ex+0x265/0x280
[   45.634887][ T4302]  should_failslab+0x8c/0xb0
[   45.634908][ T4302]  kmem_cache_alloc_lru_noprof+0x55/0x310
[   45.635014][ T4302]  ? __d_alloc+0x3d/0x350
[   45.635039][ T4302]  __d_alloc+0x3d/0x350
[   45.635064][ T4302]  ? from_vfsgid+0x70/0xa0
[   45.635089][ T4302]  d_alloc_pseudo+0x1e/0x80
[   45.635162][ T4302]  alloc_file_pseudo+0x71/0x160
[   45.635191][ T4302]  ? hugetlbfs_get_inode+0x267/0x370
[   45.635217][ T4302]  hugetlb_file_setup+0x298/0x3d0
[   45.635291][ T4302]  ksys_mmap_pgoff+0x157/0x310
[   45.635399][ T4302]  x64_sys_call+0x1602/0x2fb0
[   45.635422][ T4302]  do_syscall_64+0xd2/0x200
[   45.635443][ T4302]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   45.635472][ T4302]  ? clear_bhb_loop+0x40/0x90
[   45.635495][ T4302]  ? clear_bhb_loop+0x40/0x90
[   45.635572][ T4302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   45.635596][ T4302] RIP: 0033:0x7f108b17e929
[   45.635720][ T4302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   45.635787][ T4302] RSP: 002b:00007f10897e7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[   45.635810][ T4302] RAX: ffffffffffffffda RBX: 00007f108b3a5fa0 RCX: 00007f108b17e929
[   45.635857][ T4302] RDX: 0000000000000002 RSI: 0000000000ff5000 RDI: 0000200000000000
[   45.635871][ T4302] RBP: 00007f10897e7090 R08: ffffffffffffffff R09: 0000000027fa7000
[   45.635885][ T4302] R10: 000000000004c831 R11: 0000000000000246 R12: 0000000000000001
[   45.635899][ T4302] R13: 0000000000000000 R14: 00007f108b3a5fa0 R15: 00007ffd5b9b7038
[   45.635920][ T4302]  </TASK>
[   45.848158][ T4269] syz.0.220 (4269) used greatest stack depth: 6064 bytes left
[   45.866460][   T55] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 2065 with max blocks 1109 with error 28
[   45.879235][   T55] EXT4-fs (loop2): This should not happen!! Data will be lost
[   45.879235][   T55] 
[   45.888937][   T55] EXT4-fs (loop2): Total free blocks count 0
[   45.894972][   T55] EXT4-fs (loop2): Free/Dirty block details
[   45.901107][   T55] EXT4-fs (loop2): free_blocks=0
[   45.906092][   T55] EXT4-fs (loop2): dirty_blocks=1120
[   45.911554][   T55] EXT4-fs (loop2): Block reservation details
[   45.917558][   T55] EXT4-fs (loop2): i_reserved_data_blocks=70
[   46.008650][ T4314] ªªªªªª: renamed from vlan0 (while UP)
[   46.016263][ T4316] loop0: detected capacity change from 0 to 1024
[   46.031846][ T4316] EXT4-fs: Ignoring removed orlov option
[   46.037670][ T4316] EXT4-fs: Ignoring removed bh option
[   46.051343][ T4318] loop1: detected capacity change from 0 to 512
[   46.058112][ T4318] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[   46.089692][ T4328] loop4: detected capacity change from 0 to 512
[   46.090554][ T4316] EXT4-fs: Ignoring removed bh option
[   46.103136][ T4318] EXT4-fs (loop1): 1 truncate cleaned up
[   46.114407][ T4328] ext4 filesystem being mounted at /42/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   46.132537][ T4316] netlink: 'syz.0.235': attribute type 6 has an invalid length.
[   46.236721][ T4339] loop0: detected capacity change from 0 to 1024
[   46.247666][ T4338] loop2: detected capacity change from 0 to 512
[   46.269208][ T4338] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   46.284477][ T4341] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[   46.295889][ T4339] EXT4-fs: Ignoring removed bh option
[   46.301476][ T4339] EXT4-fs: Ignoring removed mblk_io_submit option
[   46.308155][ T4339] EXT4-fs: Ignoring removed oldalloc option
[   46.314788][ T4341] bridge0: port 2(bridge_slave_1) entered disabled state
[   46.315368][ T4338] EXT4-fs (loop2): 1 truncate cleaned up
[   46.322159][ T4341] bridge0: port 1(bridge_slave_0) entered disabled state
[   46.352639][ T4339] ext4: Bad value for 'mb_optimize_scan'
[   46.446012][ T4347] netlink: 'syz.4.243': attribute type 1 has an invalid length.
[   46.755963][   T55] kworker/u8:4 invoked oom-killer: gfp_mask=0x100c0a(GFP_NOIO|__GFP_HIGHMEM|__GFP_MOVABLE|__GFP_HARDWALL), order=0, oom_score_adj=0
[   46.769748][   T55] CPU: 0 UID: 0 PID: 55 Comm: kworker/u8:4 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   46.769776][   T55] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   46.769790][   T55] Workqueue: loop1 loop_rootcg_workfn
[   46.769825][   T55] Call Trace:
[   46.769853][   T55]  <TASK>
[   46.769861][   T55]  __dump_stack+0x1d/0x30
[   46.769879][   T55]  dump_stack_lvl+0xe8/0x140
[   46.769896][   T55]  dump_stack+0x15/0x1b
[   46.769911][   T55]  dump_header+0x81/0x220
[   46.769943][   T55]  oom_kill_process+0x334/0x3f0
[   46.770044][   T55]  out_of_memory+0x979/0xb80
[   46.770078][   T55]  try_charge_memcg+0x5e6/0x9e0
[   46.770189][   T55]  charge_memcg+0x51/0xc0
[   46.770240][   T55]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[   46.770270][   T55]  __read_swap_cache_async+0x1df/0x350
[   46.770302][   T55]  swap_cluster_readahead+0x376/0x3e0
[   46.770383][   T55]  shmem_swapin_folio+0x71e/0xe40
[   46.770426][   T55]  shmem_get_folio_gfp+0x26c/0xd60
[   46.770453][   T55]  ? update_curr+0x16e/0x320
[   46.770476][   T55]  ? enqueue_task_fair+0x35e/0x980
[   46.770528][   T55]  shmem_write_begin+0xa8/0x190
[   46.770571][   T55]  generic_perform_write+0x184/0x490
[   46.770595][   T55]  shmem_file_write_iter+0xc5/0xf0
[   46.770624][   T55]  lo_rw_aio+0x6ed/0x7a0
[   46.770661][   T55]  loop_process_work+0x52d/0xa60
[   46.770699][   T55]  ? update_load_avg+0x1da/0x820
[   46.770776][   T55]  ? __list_add_valid_or_report+0x38/0xe0
[   46.770798][   T55]  loop_rootcg_workfn+0x22/0x30
[   46.770863][   T55]  process_scheduled_works+0x4ce/0x9d0
[   46.770916][   T55]  worker_thread+0x582/0x770
[   46.770945][   T55]  ? _raw_spin_unlock_irqrestore+0x2b/0x60
[   46.770967][   T55]  ? schedule+0x5f/0xd0
[   46.771069][   T55]  kthread+0x486/0x510
[   46.771085][   T55]  ? finish_task_switch+0xad/0x2b0
[   46.771198][   T55]  ? __pfx_worker_thread+0x10/0x10
[   46.771224][   T55]  ? __pfx_kthread+0x10/0x10
[   46.771241][   T55]  ret_from_fork+0xda/0x150
[   46.771263][   T55]  ? __pfx_kthread+0x10/0x10
[   46.771320][   T55]  ret_from_fork_asm+0x1a/0x30
[   46.771349][   T55]  </TASK>
[   46.875085][ T4355] team_slave_0: entered promiscuous mode
[   46.878388][   T55] memory: usage 307200kB, limit 307200kB, failcnt 313
[   46.883251][ T4355] team_slave_1: entered promiscuous mode
[   46.886603][ T4355] 8021q: adding VLAN 0 to HW filter on device macvtap1
[   46.888956][   T55] memory+swap: usage 307668kB, limit 9007199254740988kB, failcnt 0
[   46.895249][ T4355] team0: Device macvtap1 is already an upper device of the team interface
[   46.898079][   T55] kmem: usage 306996kB, limit 9007199254740988kB, failcnt 0
[   46.898094][   T55] Memory cgroup stats for /syz1:
[   46.902310][   T55] cache 204800
[   47.031861][   T55] rss 0
[   47.034656][   T55] shmem 0
[   47.037614][   T55] mapped_file 0
[   47.041110][   T55] dirty 0
[   47.044183][   T55] writeback 196608
[   47.047958][   T55] workingset_refault_anon 129
[   47.052710][   T55] workingset_refault_file 151
[   47.057654][   T55] swap 479232
[   47.061058][   T55] swapcached 0
[   47.064445][   T55] pgpgin 4341
[   47.067739][   T55] pgpgout 4290
[   47.071130][   T55] pgfault 7356
[   47.074591][   T55] pgmajfault 53
[   47.078086][   T55] inactive_anon 0
[   47.081746][   T55] active_anon 0
[   47.085297][   T55] inactive_file 208896
[   47.089363][   T55] active_file 0
[   47.092832][   T55] unevictable 0
[   47.096362][   T55] hierarchical_memory_limit 314572800
[   47.101759][   T55] hierarchical_memsw_limit 9223372036854771712
[   47.107912][   T55] total_cache 204800
[   47.111920][   T55] total_rss 0
[   47.115224][   T55] total_shmem 0
[   47.118702][   T55] total_mapped_file 0
[   47.122684][   T55] total_dirty 0
[   47.126193][   T55] total_writeback 196608
[   47.130434][   T55] total_workingset_refault_anon 129
[   47.135623][   T55] total_workingset_refault_file 151
[   47.140822][   T55] total_swap 479232
[   47.144616][   T55] total_swapcached 0
[   47.148585][   T55] total_pgpgin 4341
[   47.152412][   T55] total_pgpgout 4290
[   47.156323][   T55] total_pgfault 7356
[   47.160302][   T55] total_pgmajfault 53
[   47.164280][   T55] total_inactive_anon 0
[   47.168466][   T55] total_active_anon 0
[   47.172494][   T55] total_inactive_file 208896
[   47.177069][   T55] total_active_file 0
[   47.181099][   T55] total_unevictable 0
[   47.185088][   T55] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.236,pid=4317,uid=0
[   47.199589][   T55] Memory cgroup out of memory: Killed process 4317 (syz.1.236) total-vm:93884kB, anon-rss:940kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[   47.217218][ T4355] team_slave_0: left promiscuous mode
[   47.222665][ T4355] team_slave_1: left promiscuous mode
[   47.361034][ T4360] loop0: detected capacity change from 0 to 8192
[   47.491376][ T4365] FAULT_INJECTION: forcing a failure.
[   47.491376][ T4365] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   47.504582][ T4365] CPU: 1 UID: 0 PID: 4365 Comm: syz.3.248 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   47.504692][ T4365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   47.504705][ T4365] Call Trace:
[   47.504712][ T4365]  <TASK>
[   47.504721][ T4365]  __dump_stack+0x1d/0x30
[   47.504742][ T4365]  dump_stack_lvl+0xe8/0x140
[   47.504759][ T4365]  dump_stack+0x15/0x1b
[   47.504774][ T4365]  should_fail_ex+0x265/0x280
[   47.504852][ T4365]  should_fail+0xb/0x20
[   47.504876][ T4365]  should_fail_usercopy+0x1a/0x20
[   47.504946][ T4365]  _copy_to_user+0x20/0xa0
[   47.504965][ T4365]  simple_read_from_buffer+0xb5/0x130
[   47.504993][ T4365]  proc_fail_nth_read+0x100/0x140
[   47.505040][ T4365]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   47.505062][ T4365]  vfs_read+0x1a0/0x6f0
[   47.505089][ T4365]  ? __rcu_read_unlock+0x4f/0x70
[   47.505110][ T4365]  ? __fget_files+0x184/0x1c0
[   47.505134][ T4365]  ksys_read+0xda/0x1a0
[   47.505210][ T4365]  __x64_sys_read+0x40/0x50
[   47.505239][ T4365]  x64_sys_call+0x2d77/0x2fb0
[   47.505327][ T4365]  do_syscall_64+0xd2/0x200
[   47.505348][ T4365]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   47.505374][ T4365]  ? clear_bhb_loop+0x40/0x90
[   47.505432][ T4365]  ? clear_bhb_loop+0x40/0x90
[   47.505453][ T4365]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   47.505472][ T4365] RIP: 0033:0x7f108b17d33c
[   47.505495][ T4365] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   47.505510][ T4365] RSP: 002b:00007f10897e7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   47.505531][ T4365] RAX: ffffffffffffffda RBX: 00007f108b3a5fa0 RCX: 00007f108b17d33c
[   47.505545][ T4365] RDX: 000000000000000f RSI: 00007f10897e70a0 RDI: 0000000000000007
[   47.505638][ T4365] RBP: 00007f10897e7090 R08: 0000000000000000 R09: 0000000000000000
[   47.505652][ T4365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   47.505743][ T4365] R13: 0000000000000000 R14: 00007f108b3a5fa0 R15: 00007ffd5b9b7038
[   47.505762][ T4365]  </TASK>
[   47.765632][ T4367] loop0: detected capacity change from 0 to 1024
[   47.776432][ T4367] EXT4-fs: Ignoring removed bh option
[   47.926954][   T29] kauditd_printk_skb: 249 callbacks suppressed
[   47.927015][   T29] audit: type=1400 audit(2000000003.860:1068): avc:  denied  { create } for  pid=4372 comm="syz.0.251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   47.971413][   T29] audit: type=1400 audit(2000000003.900:1069): avc:  denied  { write } for  pid=4372 comm="syz.0.251" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   48.003306][ T4375] loop4: detected capacity change from 0 to 1024
[   48.021567][   T29] audit: type=1326 audit(2000000003.940:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4372 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c4cd6e929 code=0x7ffc0000
[   48.045193][   T29] audit: type=1326 audit(2000000003.940:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4372 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f6c4cd6e929 code=0x7ffc0000
[   48.068528][   T29] audit: type=1326 audit(2000000003.940:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4372 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c4cd6e929 code=0x7ffc0000
[   48.085666][ T4375] ext4 filesystem being mounted at /45/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.091942][   T29] audit: type=1326 audit(2000000003.950:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4372 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6c4cd6e929 code=0x7ffc0000
[   48.125737][   T29] audit: type=1326 audit(2000000003.950:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4372 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c4cd6e929 code=0x7ffc0000
[   48.125855][   T29] audit: type=1326 audit(2000000003.950:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4372 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6c4cd6e929 code=0x7ffc0000
[   48.125882][   T29] audit: type=1326 audit(2000000003.950:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4372 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c4cd6e929 code=0x7ffc0000
[   48.125906][   T29] audit: type=1326 audit(2000000003.950:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4372 comm="syz.0.251" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6c4cd6e929 code=0x7ffc0000
[   48.227934][ T4384] loop1: detected capacity change from 0 to 512
[   48.258145][ T4384] ext4 filesystem being mounted at /54/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   48.377621][ T4398] loop1: detected capacity change from 0 to 1024
[   48.393168][ T4398] EXT4-fs: Ignoring removed bh option
[   48.433528][ T4406] netlink: 'syz.4.262': attribute type 9 has an invalid length.
[   48.500483][ T4409] vhci_hcd: default hub control req: 800f v0000 i0000 l31125
[   48.574373][ T4414] loop1: detected capacity change from 0 to 764
[   48.587733][ T4414] iso9660: Unknown parameter '000000000000000000000030177777777777777777777701777777777777777777777'
[   48.602164][ T4415] FAULT_INJECTION: forcing a failure.
[   48.602164][ T4415] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   48.611190][ T4414] loop1: detected capacity change from 0 to 1024
[   48.615326][ T4415] CPU: 1 UID: 0 PID: 4415 Comm: syz.3.265 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   48.615396][ T4415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   48.615408][ T4415] Call Trace:
[   48.615415][ T4415]  <TASK>
[   48.615423][ T4415]  __dump_stack+0x1d/0x30
[   48.615446][ T4415]  dump_stack_lvl+0xe8/0x140
[   48.615466][ T4415]  dump_stack+0x15/0x1b
[   48.615527][ T4415]  should_fail_ex+0x265/0x280
[   48.615555][ T4415]  should_fail+0xb/0x20
[   48.615581][ T4415]  should_fail_usercopy+0x1a/0x20
[   48.615637][ T4415]  _copy_from_user+0x1c/0xb0
[   48.615658][ T4415]  __copy_msghdr+0x244/0x300
[   48.615707][ T4415]  ___sys_sendmsg+0x109/0x1d0
[   48.615741][ T4415]  __x64_sys_sendmsg+0xd4/0x160
[   48.615763][ T4415]  x64_sys_call+0x2999/0x2fb0
[   48.615784][ T4415]  do_syscall_64+0xd2/0x200
[   48.615803][ T4415]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   48.615835][ T4415]  ? clear_bhb_loop+0x40/0x90
[   48.615856][ T4415]  ? clear_bhb_loop+0x40/0x90
[   48.615890][ T4415]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   48.615914][ T4415] RIP: 0033:0x7f108b17e929
[   48.615929][ T4415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   48.615947][ T4415] RSP: 002b:00007f10897c6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   48.615967][ T4415] RAX: ffffffffffffffda RBX: 00007f108b3a6080 RCX: 00007f108b17e929
[   48.615980][ T4415] RDX: 0000000000000000 RSI: 0000200000000780 RDI: 000000000000000a
[   48.615992][ T4415] RBP: 00007f10897c6090 R08: 0000000000000000 R09: 0000000000000000
[   48.616004][ T4415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   48.616073][ T4415] R13: 0000000000000000 R14: 00007f108b3a6080 R15: 00007ffd5b9b7038
[   48.616091][ T4415]  </TASK>
[   49.163308][ T4422] __nla_validate_parse: 12 callbacks suppressed
[   49.163325][ T4422] netlink: 8 bytes leftover after parsing attributes in process `syz.2.268'.
[   49.278255][ T4431] loop0: detected capacity change from 0 to 512
[   49.279344][ T4429] Cannot find del_set index 1 as target
[   49.315432][ T4431] ext4 filesystem being mounted at /51/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   49.333150][ T4436] netlink: 28 bytes leftover after parsing attributes in process `syz.3.273'.
[   49.371784][ T4438] loop3: detected capacity change from 0 to 1024
[   49.379304][ T4438] EXT4-fs: Ignoring removed bh option
[   49.497044][ T4444] FAULT_INJECTION: forcing a failure.
[   49.497044][ T4444] name failslab, interval 1, probability 0, space 0, times 0
[   49.516425][ T4444] CPU: 0 UID: 0 PID: 4444 Comm: syz.4.276 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   49.516458][ T4444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   49.516487][ T4444] Call Trace:
[   49.516493][ T4444]  <TASK>
[   49.516501][ T4444]  __dump_stack+0x1d/0x30
[   49.516525][ T4444]  dump_stack_lvl+0xe8/0x140
[   49.516547][ T4444]  dump_stack+0x15/0x1b
[   49.516566][ T4444]  should_fail_ex+0x265/0x280
[   49.516646][ T4444]  should_failslab+0x8c/0xb0
[   49.516671][ T4444]  __kmalloc_node_track_caller_noprof+0xa4/0x410
[   49.516702][ T4444]  ? p9_client_create+0x59/0xbc0
[   49.516799][ T4444]  ? p9_client_create+0x207/0xbc0
[   49.516823][ T4444]  ? should_failslab+0x8c/0xb0
[   49.516843][ T4444]  kstrdup+0x3e/0xd0
[   49.516941][ T4444]  p9_client_create+0x207/0xbc0
[   49.516994][ T4444]  v9fs_session_init+0xf7/0xde0
[   49.517020][ T4444]  ? __rcu_read_unlock+0x4f/0x70
[   49.517043][ T4444]  ? should_fail_ex+0xdb/0x280
[   49.517068][ T4444]  ? v9fs_mount+0x51/0x590
[   49.517101][ T4444]  ? should_failslab+0x8c/0xb0
[   49.517161][ T4444]  ? __kmalloc_cache_noprof+0x189/0x320
[   49.517187][ T4444]  v9fs_mount+0x67/0x590
[   49.517241][ T4444]  ? __pfx_v9fs_mount+0x10/0x10
[   49.517363][ T4444]  legacy_get_tree+0x78/0xd0
[   49.517393][ T4444]  vfs_get_tree+0x57/0x1d0
[   49.517410][ T4444]  do_new_mount+0x207/0x680
[   49.517483][ T4444]  ? path_mount+0x48d/0xb20
[   49.517510][ T4444]  path_mount+0x4a4/0xb20
[   49.517536][ T4444]  ? user_path_at+0x109/0x130
[   49.517633][ T4444]  __se_sys_mount+0x28f/0x2e0
[   49.517652][ T4444]  __x64_sys_mount+0x67/0x80
[   49.517668][ T4444]  x64_sys_call+0xd36/0x2fb0
[   49.517686][ T4444]  do_syscall_64+0xd2/0x200
[   49.517784][ T4444]  ? irqentry_exit_to_user_mode+0x7e/0xa0
[   49.517834][ T4444]  ? clear_bhb_loop+0x40/0x90
[   49.517903][ T4444]  ? clear_bhb_loop+0x40/0x90
[   49.517921][ T4444]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   49.518038][ T4444] RIP: 0033:0x7f102286e929
[   49.518053][ T4444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   49.518070][ T4444] RSP: 002b:00007f1020ed7038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   49.518093][ T4444] RAX: ffffffffffffffda RBX: 00007f1022a95fa0 RCX: 00007f102286e929
[   49.518134][ T4444] RDX: 0000200000000280 RSI: 0000200000000300 RDI: 0000000000000000
[   49.518174][ T4444] RBP: 00007f1020ed7090 R08: 0000200000000600 R09: 0000000000000000
[   49.518187][ T4444] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   49.518208][ T4444] R13: 0000000000000000 R14: 00007f1022a95fa0 R15: 00007ffee1543558
[   49.518225][ T4444]  </TASK>
[   49.791538][ T4449] netlink: 'syz.0.278': attribute type 1 has an invalid length.
[   49.799409][ T4449] netlink: 80 bytes leftover after parsing attributes in process `syz.0.278'.
[   49.850939][ T4453] netlink: 8 bytes leftover after parsing attributes in process `syz.4.280'.
[   49.909222][ T4461] netlink: 'syz.0.283': attribute type 13 has an invalid length.
[   49.926039][ T4463] netlink: 28 bytes leftover after parsing attributes in process `syz.3.284'.
[   49.937218][ T4461] gretap0: refused to change device tx_queue_len
[   49.943657][ T4461] net_ratelimit: 30 callbacks suppressed
[   49.943670][ T4461] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[   49.972704][ T4468] netlink: 8 bytes leftover after parsing attributes in process `syz.4.286'.
[   49.983336][ T4465] loop1: detected capacity change from 0 to 512
[   50.011086][ T4468] 8021q: adding VLAN 0 to HW filter on device bond1
[   50.044041][ T4465] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.174897][ T4484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.293'.
[   50.206981][ T4489] vlan0: entered allmulticast mode
[   50.238143][ T4492] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.244313][ T4494] netlink: 28 bytes leftover after parsing attributes in process `syz.2.297'.
[   50.277538][ T4496] netlink: 'syz.4.299': attribute type 1 has an invalid length.
[   50.285367][ T4496] netlink: 80 bytes leftover after parsing attributes in process `syz.4.299'.
[   50.288529][ T4499] FAULT_INJECTION: forcing a failure.
[   50.288529][ T4499] name failslab, interval 1, probability 0, space 0, times 0
[   50.307074][ T4499] CPU: 0 UID: 0 PID: 4499 Comm: syz.3.298 Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   50.307154][ T4499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   50.307166][ T4499] Call Trace:
[   50.307174][ T4499]  <TASK>
[   50.307183][ T4499]  __dump_stack+0x1d/0x30
[   50.307269][ T4499]  dump_stack_lvl+0xe8/0x140
[   50.307287][ T4499]  dump_stack+0x15/0x1b
[   50.307306][ T4499]  should_fail_ex+0x265/0x280
[   50.307515][ T4499]  should_failslab+0x8c/0xb0
[   50.307540][ T4499]  kmem_cache_alloc_noprof+0x50/0x310
[   50.307568][ T4499]  ? skb_clone+0x151/0x1f0
[   50.307590][ T4499]  skb_clone+0x151/0x1f0
[   50.307682][ T4499]  __netlink_deliver_tap+0x2c9/0x500
[   50.307705][ T4499]  netlink_unicast+0x64c/0x670
[   50.307731][ T4499]  netlink_sendmsg+0x58b/0x6b0
[   50.307753][ T4499]  ? __pfx_netlink_sendmsg+0x10/0x10
[   50.307775][ T4499]  __sock_sendmsg+0x142/0x180
[   50.307895][ T4499]  ____sys_sendmsg+0x31e/0x4e0
[   50.307932][ T4499]  ___sys_sendmsg+0x17b/0x1d0
[   50.307961][ T4499]  __x64_sys_sendmsg+0xd4/0x160
[   50.308014][ T4499]  x64_sys_call+0x2999/0x2fb0
[   50.308033][ T4499]  do_syscall_64+0xd2/0x200
[   50.308049][ T4499]  ? arch_exit_to_user_mode_prepare+0x27/0x60
[   50.308155][ T4499]  ? clear_bhb_loop+0x40/0x90
[   50.308177][ T4499]  ? clear_bhb_loop+0x40/0x90
[   50.308199][ T4499]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   50.308257][ T4499] RIP: 0033:0x7f108b17e929
[   50.308272][ T4499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   50.308287][ T4499] RSP: 002b:00007f10897e7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   50.308307][ T4499] RAX: ffffffffffffffda RBX: 00007f108b3a5fa0 RCX: 00007f108b17e929
[   50.308320][ T4499] RDX: 0000000000000040 RSI: 00002000000007c0 RDI: 0000000000000003
[   50.308333][ T4499] RBP: 00007f10897e7090 R08: 0000000000000000 R09: 0000000000000000
[   50.308345][ T4499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   50.308433][ T4499] R13: 0000000000000000 R14: 00007f108b3a5fa0 R15: 00007ffd5b9b7038
[   50.308452][ T4499]  </TASK>
[   50.535107][ T4501] loop2: detected capacity change from 0 to 512
[   50.548930][ T4498] wireguard0: entered promiscuous mode
[   50.554553][ T4498] wireguard0: entered allmulticast mode
[   50.574397][ T4501] ext4 filesystem being mounted at /65/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   50.604183][ T4510] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4510 comm=syz.3.302
[   50.619157][ T4492] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.646129][ T4511] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4511 comm=syz.3.302
[   50.663966][ T4515] loop2: detected capacity change from 0 to 164
[   50.671761][ T4515] Unable to read rock-ridge attributes
[   50.680338][ T4515] Unable to read rock-ridge attributes
[   50.721690][ T4492] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.783510][ T4492] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   50.794097][ T4527] loop3: detected capacity change from 0 to 8192
[   50.797328][ T4528] loop2: detected capacity change from 0 to 1024
[   50.809653][ T4528] EXT4-fs: Ignoring removed orlov option
[   50.815485][ T4528] EXT4-fs: Ignoring removed bh option
[   50.821128][ T4528] EXT4-fs: Ignoring removed bh option
[   50.840784][ T4527]  loop3: p1[EZD] p2 p4
[   50.845271][ T4527] loop3: p1 size 1465778176 extends beyond EOD, truncated
[   50.868572][ T4532] netlink: 'syz.2.308': attribute type 1 has an invalid length.
[   50.875112][ T4492] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   50.876309][ T4532] netlink: 80 bytes leftover after parsing attributes in process `syz.2.308'.
[   50.890987][ T4492] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   50.894016][ T4527] loop3: p2 start 65535 is beyond EOD, truncated
[   50.907757][ T4492] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   50.908019][ T4527] loop3: p4 size 65536 extends beyond EOD, truncated
[   50.931586][ T4492] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   51.017831][ T3925] udevd[3925]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[   51.038600][ T3587] udevd[3587]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory
[   51.048583][ T4536] loop0: detected capacity change from 0 to 1024
[   51.115757][ T4536] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4113: comm syz.0.310: Allocating blocks 449-513 which overlap fs metadata
[   51.139329][ T4535] EXT4-fs (loop0): pa ffff8881069bd230: logic 48, phys. 177, len 21
[   51.147424][ T4535] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5364: group 0, free 0, pa_free 4
[   51.150342][ T4548] loop2: detected capacity change from 0 to 1024
[   51.191094][ T4552] xt_hashlimit: size too large, truncated to 1048576
[   51.222686][ T4554] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies.
[   51.337039][ T2997] ==================================================================
[   51.345166][ T2997] BUG: KCSAN: data-race in set_nlink / set_nlink
[   51.351520][ T2997] 
[   51.353847][ T2997] read to 0xffff888106955388 of 4 bytes by task 3587 on cpu 1:
[   51.361397][ T2997]  set_nlink+0x29/0xb0
[   51.365476][ T2997]  kernfs_iop_permission+0x1e2/0x220
[   51.370778][ T2997]  inode_permission+0x1c7/0x310
[   51.375635][ T2997]  link_path_walk+0x162/0x900
[   51.380340][ T2997]  path_openat+0x1de/0x2170
[   51.384858][ T2997]  do_filp_open+0x109/0x230
[   51.389370][ T2997]  do_sys_openat2+0xa6/0x110
[   51.393974][ T2997]  __x64_sys_openat+0xf2/0x120
[   51.398749][ T2997]  x64_sys_call+0x1af/0x2fb0
[   51.403348][ T2997]  do_syscall_64+0xd2/0x200
[   51.407851][ T2997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.413747][ T2997] 
[   51.416069][ T2997] write to 0xffff888106955388 of 4 bytes by task 2997 on cpu 0:
[   51.423703][ T2997]  set_nlink+0x99/0xb0
[   51.427774][ T2997]  kernfs_iop_permission+0x1e2/0x220
[   51.433073][ T2997]  inode_permission+0x1c7/0x310
[   51.437952][ T2997]  link_path_walk+0x162/0x900
[   51.442636][ T2997]  path_lookupat+0x63/0x2a0
[   51.447147][ T2997]  filename_lookup+0x147/0x340
[   51.451916][ T2997]  vfs_statx+0x9d/0x390
[   51.456078][ T2997]  vfs_fstatat+0x115/0x170
[   51.460502][ T2997]  __se_sys_newfstatat+0x55/0x260
[   51.465534][ T2997]  __x64_sys_newfstatat+0x55/0x70
[   51.470570][ T2997]  x64_sys_call+0x2c22/0x2fb0
[   51.475254][ T2997]  do_syscall_64+0xd2/0x200
[   51.479758][ T2997]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   51.485656][ T2997] 
[   51.487977][ T2997] value changed: 0x00000009 -> 0x00000008
[   51.493693][ T2997] 
[   51.496022][ T2997] Reported by Kernel Concurrency Sanitizer on:
[   51.502173][ T2997] CPU: 0 UID: 0 PID: 2997 Comm: udevd Not tainted 6.16.0-rc1-syzkaller-00239-g08215f5486ec #0 PREEMPT(voluntary) 
[   51.514154][ T2997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[   51.524216][ T2997] ==================================================================
[   51.552000][ T4567] netlink: 'syz.1.323': attribute type 1 has an invalid length.
[   51.567492][ T4561] SET target dimension over the limit!
[   51.599481][ T4563] loop2: detected capacity change from 0 to 512
[   51.622926][ T4563] random: crng reseeded on system resumption