last executing test programs:

5m30.635853468s ago: executing program 4 (id=22):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000280)='kfree\x00', r0}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x38, r2, 0x1, 0x0, 0x1, {}, [@ETHTOOL_A_DEBUG_MSGMASK={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x8, 0x3, 0x0, 0x1, [{0x4}]}]}, @ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x38}}, 0x4012)

5m30.167941306s ago: executing program 4 (id=25):
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x18)
syz_io_uring_setup(0x494, 0x0, 0x0, 0x0)
r2 = gettid()
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
write$binfmt_aout(r3, &(0x7f00000001c0)=ANY=[], 0xff2e)
io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

5m29.411854088s ago: executing program 4 (id=33):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x34}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x28, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r2, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10)
listen(r2, 0x0)
r3 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r3, &(0x7f00000002c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x2, 0x0, {0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x480c0}, 0x0)
accept4(r2, 0x0, 0x0, 0x400000000000000)

5m28.811403139s ago: executing program 4 (id=36):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000ac0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==")
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
r0 = open(&(0x7f00000000c0)='./bus\x00', 0xca942, 0x0)
ftruncate(r0, 0x8002007ffb)
fsopen(0x0, 0x1)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000ac0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==")
chdir(&(0x7f0000000240)='./file0\x00')
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x2)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x7f000, 0x7f000}])
setsockopt(r1, 0x5, 0x2, &(0x7f0000000580)="351ab1524e4a08f20440a33d7120efebeb3e93b8ba213b27e8c1f13bc886308e7ebe282f3ca920482dd953a6f84dcc030d606415d0c4c9bce11cef7f561ed7fa599cc31d86a7fcd2463af645da839c59", 0x50)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x10100a, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x10001, 0x400, 0x0, 0x0, 0x1, 0x11, "0e36af413bb901527fe4d0ce5d295c3676345a41499dd6aac69c4730251a0ca0ea0000000000000000000c00002000", "038447c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})

5m25.219566658s ago: executing program 4 (id=61):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0x4, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffff7fe, 0x0, 0x0, 0x0, 0x70df}, [@call={0x85, 0x0, 0x0, 0xae}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
lgetxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x9}, 0x18)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15)

5m23.732139071s ago: executing program 4 (id=74):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r0 = signalfd(0xffffffffffffffff, &(0x7f00000000c0)={[0x7]}, 0x8)
ioctl$UFFDIO_MOVE(r0, 0xc028aa05, &(0x7f00000001c0)={&(0x7f0000cab000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x2000})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = gettid()
r6 = getpid()
rt_tgsigqueueinfo(r6, r5, 0x24, &(0x7f0000000000)={0x17, 0xb, 0x85})

5m22.319084852s ago: executing program 32 (id=74):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0)
r0 = signalfd(0xffffffffffffffff, &(0x7f00000000c0)={[0x7]}, 0x8)
ioctl$UFFDIO_MOVE(r0, 0xc028aa05, &(0x7f00000001c0)={&(0x7f0000cab000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x2000})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = gettid()
r6 = getpid()
rt_tgsigqueueinfo(r6, r5, 0x24, &(0x7f0000000000)={0x17, 0xb, 0x85})

5m10.732462136s ago: executing program 5 (id=141):
syz_read_part_table(0x105f, &(0x7f0000000000)="$eJzsz72twjAYBdDPLz8vockqlAyAxARMQM8KCJZBokEMRMkQSEhBiQkjAMU5hX19bcty8FXNMBTlIkXd76LKZfneLiLd+4io9hF/qf/PbZ6b4+v45XpbThdW7aFNQzh34/pRbyJiPuahT9tuerWaxfr0oW8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwE97BgAA//85xQ6W")

5m9.049195203s ago: executing program 5 (id=149):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='GPL\x00'}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000020000000000000080000000950000000000000018180000", @ANYRES32, @ANYBLOB="00000000000000000000000010ffffff00b15b84000000000000001812f70df20f84a8", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000085200000030000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x8f, &(0x7f00000000c0)=""/41, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000140)={0x2, 0xa, 0x6, 0x9}, 0x10, 0x0, 0x0, 0x2, &(0x7f0000000180)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1], &(0x7f00000001c0)=[{0x3, 0x1, 0x6, 0x3}, {0x2, 0x6, 0x5, 0x5}], 0x10, 0xffff}, 0x9f)

5m8.630465802s ago: executing program 5 (id=151):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
syz_emit_ethernet(0x52, &(0x7f00000001c0)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x44, 0x65, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010104, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0xa, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0xb, 0x0, [@loopback, @loopback]}, @cipso={0x86, 0x6}]}}}}}}}, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_EXTERNAL_AUTH(r2, &(0x7f0000000500)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x34, r3, 0x0, 0x70bd25, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x3, 0x29}}}}, [@NL80211_ATTR_STATUS_CODE={0x6, 0x48, 0x16}, @NL80211_ATTR_BSSID={0xa, 0xf5, @random="d166af1c803f"}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000080}, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sys_enter\x00'}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffff53a2513743897e44000d0001007564703aa3"], 0x54}}, 0x0)

5m7.845984185s ago: executing program 5 (id=159):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000027c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x10)
openat2$dir(0xffffff9c, &(0x7f0000000100)='./file1/file0\x00', &(0x7f0000000180)={0x220000, 0x0, 0x28}, 0x18)

5m7.500414296s ago: executing program 5 (id=163):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5ba}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='kmem_cache_free\x00', r0, 0x0, 0x3}, 0x18)
r1 = socket$netlink(0x10, 0x3, 0xc)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

5m7.051932659s ago: executing program 5 (id=166):
r0 = syz_io_uring_setup(0x14d9, &(0x7f0000000480)={0x0, 0x5121, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SPLICE={0x1e, 0x13, 0x0, @fd_index=0x9, 0xb5, {0x0, r0}, 0x6, 0x9, 0x0, {0x0, r3}})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

4m51.918019627s ago: executing program 33 (id=166):
r0 = syz_io_uring_setup(0x14d9, &(0x7f0000000480)={0x0, 0x5121, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000280)=@IORING_OP_SPLICE={0x1e, 0x13, 0x0, @fd_index=0x9, 0xb5, {0x0, r0}, 0x6, 0x9, 0x0, {0x0, r3}})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

4m33.176716234s ago: executing program 7 (id=277):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000ac0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==")
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
r0 = open(&(0x7f00000000c0)='./bus\x00', 0xca942, 0x0)
ftruncate(r0, 0x8002007ffb)
fsopen(0x0, 0x1)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xee, 0x469, &(0x7f0000000ac0)="$eJzs3E1sVEUcAPD/e/3i01bEDxC0ikbiR0vLhxy8aDTxoImJHjCealsIUqihNRFCFD3g0ZB4Nx5NvJt40otRD8bEq94NCTFcQE9rZve9sl12S8tuWXB/v+RtZ96bZua/86Y7O7PbAHrWaHrIIrZExB8RMVzLLi8wWvtx7cq56X+unJvOolJ58++sWu7qlXPTZdHy9zbXMpVKxFBKDjWp98I7EVNzc7Oni/z44sn3xxfOnH3u+MmpY7PHZk9NHj58YP/uwUOTB9uKLy9+priu7vxofteOV9+++Pr0kYvv/vxNau+W4np9HLckRdtgtPbsNno0PTzZVmV3lF/Tw9a6E1l/68Jjt6FBrF5fRKTuGqiO/+Hoi41L14bjlU+72jhgXVUqlUqz1+fC+QrwP5ZFt1sAdEf5Qp/e/5bHbZp63BEuv1h7A5TivlYctSv9S2sHAw3vbztpNCKOnP/3y3REJ9YhAABu4vs0/3m22fwvjwfqyt1T7KGMRMS9EbEtIu6LiO0RcX9EteyDEfHQGutv3CG5cf6TX7qlwFYpzf9eKPa2ls//ytlfjPQVua3V+Aeyo8fnZvcVz8neGBhK+YkV6vjh5d8/L9MbGq7Vz//Skeov54JFOy71NyzQzUwtTrUbd+nyJxE7+5vFn0W5jZNFxI6I2HmLdRx/+utdra7dPP4VrLDPtFqVryKeqvX/+VgW//WuylruT048f2jy4PiGmJvdN17eFTf65bcLb7Sqv634OyD1/6am9//SLvBItiFi4czZE9X92oW113Hhz8/qxvSy3eUUf/5txJrv/8HsrWp6sDj34dTi4umJiMHstRvPT17/3TJflk/x793TfPxvq2vxwxGRbuLdEfFIsYmb+u6xiHg8IvasEP9PLz3xXqtrrft/hVX5Dkrxz9ys/6O+/9ee6Dvx43drj7+U+v9ANbW3OLOav3+rbWA7zx0AAADcLfLqZ+CzfGwpnedjY7XP8G+PTfnc/MLiM0fnPzg1U/us/EgM5OVK13DdeuhEsTZc5icb8vuLdeMv+jZW82PT83Mz3Q4eetzmFuM/+auv260D1l0H9tGAu5TxD73L+IfeZfxD7zL+oXc1G/8fd6EdwO3n9R96l/EPvcv4h95l/ENPavnd+Lytr/x3OVH+74Q7pT1dSmxczyoi736APZHoX+/beKjppS7/YQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiQ/wIAAP//YKPiyQ==")
chdir(&(0x7f0000000240)='./file0\x00')
r1 = creat(&(0x7f0000000080)='./file0\x00', 0x2)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030000, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x7f000, 0x7f000}])
setsockopt(r1, 0x5, 0x2, &(0x7f0000000580)="351ab1524e4a08f20440a33d7120efebeb3e93b8ba213b27e8c1f13bc886308e7ebe282f3ca920482dd953a6f84dcc030d606415d0c4c9bce11cef7f561ed7fa599cc31d86a7fcd2463af645da839c596d", 0x51)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x10100a, 0x0)
r3 = open(0x0, 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x10001, 0x400, 0x0, 0x0, 0x1, 0x11, "0e36af413bb901527fe4d0ce5d295c3676345a41499dd6aac69c4730251a0ca0ea0000000000000000000c00002000", "038447c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})

4m30.417056928s ago: executing program 7 (id=409):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
r2 = creat(&(0x7f0000000180)='./file0\x00', 0x10)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r2, &(0x7f0000000300)="ca0e808bb35bda", 0x7)
r5 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x7], 0x0, 0x0, 0x1}}, 0x40)
dup2(r3, r5)

4m28.978643206s ago: executing program 7 (id=423):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r0, 0x0, 0x5}, 0x18)
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xff, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000180), 0x2004000, &(0x7f00000010c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYBLOB="6be6b9"])

4m28.494459734s ago: executing program 34 (id=423):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r0, 0x0, 0x5}, 0x18)
syz_mount_image$ext4(0x0, &(0x7f00000001c0)='./file0\x00', 0x1809049, 0x0, 0xff, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, 0x0, &(0x7f0000000180), 0x2004000, &(0x7f00000010c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',access=', @ANYBLOB="6be6b9"])

11.190568499s ago: executing program 8 (id=2748):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180100000100a7d9000000000020b200850000007b00000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000340)='kfree\x00', r0, 0x0, 0x2}, 0x18)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r3)
sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x3548, 0x0, 0x0, 0x0, 0x4, 0x2, 0x0, 0x1c, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x10}}}}]}, 0x78}}, 0x4008004)
sendmsg$nl_route_sched(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newtfilter={0x6c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x3c, 0x2, [@TCA_BASIC_EMATCHES={0x38, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x2c, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1, 0x0, 0x0, {{}, {0x0, 0x0, 0x1}}}, @TCF_EM_META={0x18, 0x2, 0x0, 0x0, {{0x0, 0x4, 0x4}, [@TCA_EM_META_HDR={0xc}]}}]}]}]}}]}, 0x6c}}, 0x0)

10.923086275s ago: executing program 8 (id=2752):
r0 = socket(0x10, 0x803, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/110, 0x14b}, {&(0x7f0000000280)=""/85, 0x53}, {&(0x7f0000000fc0)=""/4096, 0x564}, {&(0x7f0000000400)=""/106, 0x14}, {&(0x7f0000000740)=""/73, 0x60}, {&(0x7f0000000200)=""/77, 0x630}, {&(0x7f00000007c0)=""/154, 0x4a}, {&(0x7f0000000100)=""/16, 0x158}], 0x8, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x2, &(0x7f0000003700)={0x77359400})
recvfrom$inet_nvme(r0, 0x0, 0x0, 0x100, 0x0, 0x0)

10.671883933s ago: executing program 8 (id=2755):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f00000003c0)='GPL\x00'}, 0x94)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r1=>0x0})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000240), 0x0}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r4, r1, 0x25, 0x2, @val=@tcx}, 0x1c)
syz_emit_ethernet(0x19, &(0x7f0000000940)={@remote, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @val={@val={0x88a8, 0x4, 0x1, 0x1}, {0x8100, 0x3, 0x1, 0x4}}, {@llc={0x4, {@llc={0x6, 0x8e, 'L'}}}}}, 0x0)

9.271959859s ago: executing program 8 (id=2764):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r4, {0xf000, 0xffff}, {}, {0x7, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

8.865369729s ago: executing program 8 (id=2768):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0e000000040000000400000003"], 0x48)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0x6, 0x9, 0x0, 0x0, 0x3}, {0x3, 0x3, 0x6, 0xa, 0xa, 0xfff0, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {0x7, 0x0, 0x6, 0x0}, {0x18, 0x9, 0x2, 0x0, r1}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x6, 0x1, 0x5, 0x2, 0x9, 0x0, 0x300}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xd, '\x00', 0x0, @fallback=0x2f, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

8.522242855s ago: executing program 8 (id=2772):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
ppoll(&(0x7f0000000140)=[{}], 0x1, 0x0, 0x0, 0xffffffa6)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)

8.520621163s ago: executing program 2 (id=2773):
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='sched_switch\x00', r0, 0x0, 0x100a}, 0x18)
gettid()
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x80000)
splice(r1, 0x0, r3, 0x0, 0x6, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
splice(r2, 0x0, r4, 0x0, 0x6, 0x7)

7.375855884s ago: executing program 2 (id=2781):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850)
sendmsg$nl_route_sched(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r4, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, 0x0, {0xf000, 0xffff}, {}, {0x7, 0xa}}}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)

7.375601317s ago: executing program 6 (id=2782):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0xc4}, 0x1, 0x0, 0x0, 0x4000}, 0x2c000010)
sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x25dfdbfd, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@empty, 0x0, 0x0, 0x4e23, 0xfffc, 0xa, 0x10, 0x0, 0x33}, {0x8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffffffffffff}, {0x0, 0xfffffffffffffffa, 0xbc89, 0x3}, 0x4, 0x6e6bb2, 0x1, 0x1, 0x0, 0x3}}, 0xb8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4)

7.23852606s ago: executing program 0 (id=2783):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000050c0200000c0a01030000000000000000070000080900020073797a31000000000900010073797a3000000000e0010380dc010080080003400000000273000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c000240000000000000000e14000180090001006c617374"], 0x290}}, 0x0)

7.015143054s ago: executing program 0 (id=2785):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000800008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000010000008500000084000000b70000000000000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000180)='kmem_cache_free\x00', r1}, 0x10)
r2 = socket$kcm(0x29, 0x2, 0x0)
sendmmsg$inet(r2, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000080)="da", 0x1}], 0x1, &(0x7f0000000040)=ANY=[], 0xd0}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000001c0)='/', 0x1}], 0x1}}], 0x2, 0x0)
close(r2)

6.975648048s ago: executing program 6 (id=2786):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff274140000001100"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000080), 0x3, 0x4cd, &(0x7f00000000c0)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=")
write$tun(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="000086dd03000a000000140000006c07010033d43afffe800000000000000000000000000010ff02000000000000000000000000000189"], 0x340a)

6.656812145s ago: executing program 2 (id=2788):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000080000000b"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x4c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$unix(0x1, 0x1, 0x0)
connect$unix(r1, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000180)={'batadv_slave_0\x00'})
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
setreuid(0xffffffffffffffff, 0xee01)
keyctl$clear(0x7, 0xfffffffffffffffb)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1, 0xc}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVix:De', 0x0)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="03"], 0x50)
r5 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r5}, 0x38)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_query]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r6}, 0x10)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000021fd6a9a58e900f3140c128009000100766574680000004004000280"], 0x3c}}, 0x0)

5.905420527s ago: executing program 0 (id=2789):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r1}, 0x10)
munlockall()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

5.842003191s ago: executing program 1 (id=2790):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = getpgrp(0x0)
r3 = syz_pidfd_open(r2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0xb, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000580)='svcrdma_encode_wseg\x00', r1, 0x0, 0x7}, 0x18)
r4 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x44, 0xffffffff, 0x0, 0x0, 0x4, 0x2, 0x1}})
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r4, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x30, r5, 0x300, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x1, 0x1a}, @val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0x1, 0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x400c1)
fsetxattr$trusted_overlay_nlink(r3, &(0x7f00000018c0), 0x0, 0x0, 0x3)
syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=<r7=>0x0, &(0x7f0000000600))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_usb_disconnect(0xffffffffffffffff)
syz_usb_connect(0x4, 0x24, &(0x7f00000000c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(0xffffffffffffffff, 0x5509, 0x0)

5.583955661s ago: executing program 3 (id=2791):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000300)='rxrpc_call\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r3, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r3, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)

2.584005876s ago: executing program 3 (id=2792):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x801}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r0}, 0x10)
r1 = socket$inet6(0xa, 0x800000000000002, 0x0)
sendto$inet6(r1, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @local}, 0x1c)

2.583450354s ago: executing program 6 (id=2793):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000c"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
symlinkat(&(0x7f0000000400)='./file0/../file0\x00', 0xffffffffffffffff, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff}, 0x111}}, 0x20)
write$RDMA_USER_CM_CMD_LISTEN(r2, &(0x7f00000000c0)={0x7, 0x8, 0xfa00, {r3}}, 0x10)
close(r2)

1.892839914s ago: executing program 2 (id=2794):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff000000009408000000001700638af0ff00000000bfa1"], 0x0, 0xc}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ec}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000080)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x1, 0x353a, 0x1}}, 0x20)
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa1780c206050086dd6018232500102c"], 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00')
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f00000002c0)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0xffffffffffffff62, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48)

1.714486583s ago: executing program 1 (id=2795):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f00000003c0), r0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="17090010000000000000010000000500070000000000080009000000000008000a000008000006000200e400000014001f00000000000000000000000000000000001400"], 0x6c}}, 0x0)

1.714161361s ago: executing program 6 (id=2796):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r3}, 0x10)
r4 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r4}, 0x2c, {[], [], 0x6b}})

1.626764137s ago: executing program 0 (id=2797):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000380)={[{@delalloc}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@dioread_lock}, {@data_err_ignore}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x4007b1}}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = open(&(0x7f0000000200)='./file1\x00', 0x4827e, 0xdc)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r0, 0x1000)
fallocate(r0, 0x0, 0x0, 0x8800000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x14a)
fallocate(r1, 0x20, 0x0, 0x8000)
pipe(&(0x7f00000014c0))

1.580565938s ago: executing program 3 (id=2798):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r0}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a300000000008000540000000050c0200000c0a01030000000000000000070000080900020073797a31000000000900010073797a3000000000e0010380dc010080080003400000000273000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c000240000000000000000e14000180090001006c617374"], 0x290}}, 0x0)

1.438337193s ago: executing program 1 (id=2799):
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext3\x00', &(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x4000004, &(0x7f0000000c00)={[{@jqfmt_vfsold}, {@grpid}, {@debug}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xdf07}}, {@noauto_da_alloc}, {@commit={'commit', 0x3d, 0x5}}, {@init_itable_val={'init_itable', 0x3d, 0x9}}, {@debug}, {@usrjquota}, {@nolazytime}, {@norecovery}]}, 0xfe, 0x477, &(0x7f0000000780)="$eJzs3M1vFOUfAPDvTLctLz9+rYgvIEgVjcSXlpYXOXjRaMJBExM9YDzVtpDKQg2tiRCi1QMeDYl3439hPOnFqBdNvOrdkBDDBdTLmtmZKUvZLVu67QL7+STTPs/M0z7Pd2ae2Wfm2d0AetZI9iOJ+F9E/B4RQ3n25gIj+a/rVy9M/X31wlQStdpbfyX1cteuXpgqi5Z/tzXP1GpFfrBJvRffjZisVmfOFvmxhdMfjM2fO//C7OnJkzMnZ85MHD166OCegSMThzsSZxbXtV0fz+3eeeydS29MHb/03k9JJfK4Y1kcnTKS792mnu50ZV22rSFd37FL9v5yI93sTKCb+iIiO1z99f4/FH2xeWnbULz2WVcbB6yrWq1WW+GqvFgD7mNJdLsFQHcUtwD1+99y2cDhR9ddeTm/Acrivl4s+ZZKpHlib/+y+9tOGomI44v/fJUtsU7PIQAAGn2XjX+ebzb+S+PhPDGQ/fh/MYcyHBEPRMT2iHgwInZExEMR9bKPRMSjq6x/+QzJreOf9PIdB9eGbPz3UjG3dfP4Ly2LDPcVuW31+PuTE7PVmQPFPtkf/YMnZpOZ8RXq+P7V375ota1x/JctWf3lWLBox+XK4Kab/mZ6cmFyTUE3uPJpxK5Ks/iTKKdxkojYGRG77rCO2WcrLbfdPv4VtP63bat9HfFMfvwXY1n8paTl/OT4i0cmDo9tiurMgbHyrLjVz79efLNV/WuKvwOy47+l6fm/FP9wsili/tz5U/X52vnV13Hxj89b3tO0d/4vZY5tK87/geTt+oqBYsNHkwsLZ8cjBpLXb10/ceO/lfmyfBb//n3N+//2uLEnHouI3RGxJyIez24Ki7Y/ERFPRsS+FeL/8ZWn3l99/BszV5rFP3274x+Nx3/1ib5TP3x7+/iza1yr43+ontpfrGnn+tduA9ey7wAAAOBekdbfA5+ko0mlSKfp6Gj+Hv4dsSWtzs0vPHdi7sMz0/l75YejPy2fdA01PA8dL54Nl/mJZfmDxXPjL/s21/OjU3PV6W4HDz1ua9n/l64Fef/P/NnX7dYB664D82jAPUr/h96l/0NvSvR/6Gn6P/SuZv3/k5alR79Z18YAG8rrP/SuNvr/Yv6r9agAuDd5/Yfepf9DT2r52fh0TR/53/DEv8X3Gd4t7bn/E5HeFc24/xOVtr/MYhWJ2lDe/7M1g03LdPvKBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bn/BQAA///T8uXN")
r0 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x80)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000fa540000850000008200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
open_by_handle_at(r0, &(0x7f0000000240)=@reiserfs_2={0x4b, 0x2, {0xb}}, 0x36f0516f)

1.171856685s ago: executing program 1 (id=2800):
syz_io_uring_setup(0x10b, &(0x7f0000000580)={0x0, 0xd736, 0x8, 0x3, 0xbffffffa}, 0x0, 0x0)
r0 = syz_io_uring_setup(0x70ad, &(0x7f0000000880)={0x0, 0x46c0, 0x3180, 0x7fff, 0x40024f}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x6, 0x0, r0, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r0, 0x627, 0x4c1, 0x43, 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000500000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r4}, 0x10)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)

1.02330009s ago: executing program 3 (id=2801):
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000200)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x14}}], 0x30}, 0x0)

991.366399ms ago: executing program 2 (id=2802):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000020000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x18)
open_tree(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x0)

973.452352ms ago: executing program 6 (id=2803):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9f0390a6f01e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5eaff07000000000000b99c9cc0ad1857216f000000009191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a798de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270b939b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf01cfaed9ef0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546bb2e51935ab9067ec3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f626602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df902aeec50e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd6d89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f000000000100000000d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fb03b84f63e022fe755f4007a4a899eaf52c4f491f1e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c7167d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c2499ce3ffe2fef03f7cdd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c193d66ed4d71f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba3c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63e4581d5cc41cbde2ba66adc1168070c8c6e18a6a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c3340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b909006f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f1400010000ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1b0100448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f949170ef8cb9c13c12138116bca7a8c59363799be7005c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2c74664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677eff7c5c568a89d6e36b165c39132a0f27080ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae1676384ff799783f55d7e5a1a0920300000000000000d98440c355927629f2bcf9dc405a18ca0264400abf38e90000000000000000008faf2cddffbfa69bf32eb718e88ec75603ed7c7a8825ce0f27a114bd7a4ab74d0c7b8d90ccc1c3ca6620def782e24d75aed70eb676437f62677a69e0994cd82d72e95493c830fe9515329f40b7025326dec33a527c5d999298eaa3690fd0d38a02fc6e0bc16dbe19f353027edc014411e1138087221492f5d5e5cc9d0a1acd3f581eda9a807aa0e609f935f626d96351e0ff116686cbeb8939feecd5dac8cf45101942cc7cec21b7f337df5431bcf7e504b7c427f70a10e1cb8993a661306a0576b638a0171e6800b5b35589d676eb30ed1a72e8f7b057eb281c4504195635b6b285ebaba019913a2520e43ed790231f047f7d3789c10ae7d724929f77aec1d33d9587580268ee14396f71e7ef588cb2560d6bd0795a9b97281229eb16de086553469fad7214ffc3e416f8b8e442dce1d37f9b1c88a5d8a8d9f2fe45bd8df213ecb4194c8554aea13cadcd502e51f6fec80418e772b5bd8d0228949058038b185909ee542848680f9ad43f4057d676d5e21ae3d7e0e4a28c04f112a94707f032b35915e42993ff148291b8babe026646ee41905992db217561b90811c4702a14f312fe5d2ae7257db6be1034cc1c346b76a853ce274bf0435e18f7e86c660c18c80f30505dd4cf2ae2a1893b83c62d61bfeadc1f913e4cab2b897e096dd3fe3525090410cb23bab36cdf200a36014032cf6e5121803c5a0c4a273a19f340163fc6265425d513a1294b8439276394945d94a589708e32a1cb30f1fa4b2f08e01dc5e8c6732e6dc59b5c8cb400000000000000592c9b68f09c8f5ddb20b4ae08b4d9df548e5ed6cd47b91a4bea8b6aa52edf64576aef1e43f2958437fdc20fbbd0d4e13d8cce1193b2f9b4f107e25af178d056e1b1e40bd75b013f7484fae0bc447b1ffaf34819fe3ad1a634c94345e26e1e68dec08723a37b05d1594a66a4718a51d4"], &(0x7f0000000100)='GPL\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
r3 = syz_io_uring_setup(0x117, &(0x7f0000000100)={0x0, 0x0, 0x80, 0x2000000, 0x3a6}, 0x0, &(0x7f0000000200)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4)
syz_io_uring_submit(0x0, r4, &(0x7f00000000c0)=@IORING_OP_SENDMSG={0x9, 0x40, 0x0, r2, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000100000001"], 0x18}, 0x0, 0x40000, 0x1})
io_uring_enter(r3, 0x47f6, 0x80ffff, 0x0, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

751.969759ms ago: executing program 3 (id=2804):
creat(&(0x7f00000000c0)='./file0\x00', 0x48)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018004000800395032303030"], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
mount$bpf(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0xd0060, &(0x7f00000003c0)=ANY=[])

731.431541ms ago: executing program 2 (id=2805):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x2, @dev={0xfe, 0x80, '\x00', 0x13}, 0x7}, 0x1c)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001640), r3)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="090000000000000000000200000014000180050002"], 0x28}}, 0x0)

663.656184ms ago: executing program 0 (id=2806):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000800)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000240), 0xb, 0x101301)
ioctl$USBDEVFS_IOCTL(r1, 0x80045505, &(0x7f0000000040)=@usbdevfs_connect={0xffffffff})

500.069564ms ago: executing program 1 (id=2807):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffffff}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd7f, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="219a53f271a76d2608004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)

499.767844ms ago: executing program 6 (id=2808):
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0xfff5)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa802, 0x0)
close(r1)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f0000000780)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0xffeb, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, r4, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}}, 0x40004)
recvmmsg(r5, &(0x7f0000001480)=[{{0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000040)=""/55, 0x37}, {&(0x7f0000000540)=""/189, 0xbd}, {&(0x7f0000001ac0)=""/4096, 0x1000}, {&(0x7f0000000340)=""/80, 0x50}], 0x4}, 0x5d}], 0x4000000000000fc, 0x10122, 0x0)

426.912999ms ago: executing program 3 (id=2809):
socket$nl_netfilter(0x10, 0x3, 0xc)
fstat(0xffffffffffffffff, &(0x7f0000000000))
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000000c0)={{{@in6=@local, @in=@initdev}}, {{@in6=@private0}, 0x0, @in=@empty}}, &(0x7f0000000240)=0xe8)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = syz_open_pts(0xffffffffffffffff, 0x8182)
ioctl$TIOCGLCKTRMIOS(r4, 0x5456, &(0x7f0000000000)={0x2, 0x9, 0x8, 0x8, 0x5, "6c2a0a5692c16ea0c38f93b1a2f388a5d2b72a"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3c8, 0x1f8, 0x110, 0x0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@arp={@remote, @broadcast, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2}}, {@mac=@random="3c192477987a"}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac, @empty, @dev={0xac, 0x14, 0x14, 0x22}, @broadcast, 0x4, 0x110}}}, {{@arp={@loopback, @private=0xa010102, 0xff, 0xffffff00, 0xd, 0x10, {@mac=@multicast, {[0xff, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0xff, 0x0, 0x0, 0xff]}}, 0x8, 0x0, 0x0, 0x8, 0x1, 0x5a, 'macvlan0\x00', 'ipvlan0\x00', {0xff}, {}, 0x0, 0x100}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}, {{@arp={@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xff, 0x0, 0x0, 0x0, {@mac=@link_local, {[0xff]}}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'ipvlan1\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x3}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
keyctl$set_reqkey_keyring(0xe, 0x3)
request_key(&(0x7f0000000340)='user\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)=')\x00', 0x0)

193.860377ms ago: executing program 0 (id=2810):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x80078b, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYui4KGioId6jMm2hG4baaLYUmwqUi+CFPQsHgX/Am8iiHoSvOrFkxSK9tLqKTKzM+1mm02N2WRi9veDzb7vzrs7z5P5eud9dwPoWkPZnyRiR0T8EhEDjeriBkONpxvXzk/+de38ZBILC6//keTtrl87P1k2Ld+3vagMpxHph0mxksVmz547OVGv184U9dG5U2+Pzp4999S7pyZO1E7UTo8fOXL40Nizz4w/3ZE8s7yu73t/Zv/el9+8/Mrksctv/fBVFu+OYnlzHp0ylCX+50KuddnjnV5ZxXY2lZPeCgNhRXoiIttcffnxPxA9cWvjDcRLH1QaHLCmsmvTlvaL5xeATSyJqiMAqlFe6LP73/KxTl2PDeHq840boCzvG8WjsaQ30qJNX8v9bScNRcSx+b8/zx6xRuMQAADNPp787Gh/U7/jVv8jjfvy59/yv7uKOZTBiLg7InZHxD0RsSci7o3I294fEQ+sMp7b+z/plVV+5LKy/t9zxdzW4v5f2fuLwZ6itjPPvy85Pl2vHSz+J8PRtyWrjy2zjm9e/PmTdsua+3/ZI1t/2Rcs4rjS2zJANzUxN5F3Sjvg6sWIfb1L5Z/cnAlIImJvROxb2UfvKgvTT3y5v12jO+e/jA7MMy18kaU3n+U/Hy35l5Lm+cnp2+YnR7dGvXZwtNwrbvfjT5dea7f+VeXfAVdrjeem7d/aZDBpnq+dXfk6Lv36Udt7mv+4/6f9yRv5PHN/8dp7E3NzZ8Yi+pOjeX3R6+O33lvWy/bZ/j98YOnjf3fxniz/ByMi24kfioiHI+KRIvZHI+KxiDiwTP7fv9B+WZl/pBVt/4sRU0ue/27u/y3bf+WFnpPffd1u/f9u+x/OS8PFK/n57w6WCic7XbQGuJr/HQAAAPxfpPl34JN05GY5TUdGGt/h3xN3pfWZ2bknj8+8c3qq8V35wehLy5GugWI8tD5dr40l88UnNsZHx4ux4nK89FAxbvxpz7a8PjI5U5+qOHfodtvbHP+Z33uqjg5YY9uWfHW8f90DASrQOo+eLq5eeDWcDGCz8ntt6F53OP7T9YoDWH+u/9C9ljr+L7TUzQXA5uT6D93L8Q9dKv226giACrn+Q1daze/617CwdWOEUU1ho26UvBBRFtINEY/CGhWqPjMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0xj8BAAD//02e6R0=")

0s ago: executing program 1 (id=2811):
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698d0a881c51852e4451b57d037ad3c045942824251d7d17b5191584bcd4fbe40a23424d", "bcfd56f1375461caaa2f19935e6996c7096ffeeb0300000000000064", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
listen(0xffffffffffffffff, 0x100)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000b00)={0x11, 0x5, &(0x7f0000000380)=ANY=[@ANYBLOB="180000000000fbff000000000000001d8500000007000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x801}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='kmem_cache_free\x00', r1}, 0x10)

kernel console output (not intermixed with test programs):

 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  330.465916][ T7048] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  330.479676][   T30] audit: type=1326 audit(1757472945.130:1664): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10646 comm="syz.3.1781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  330.484130][ T7048] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  330.686397][ T7048] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  330.701348][ T7048] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  330.716532][   T30] audit: type=1326 audit(1757472945.130:1665): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10646 comm="syz.3.1781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  330.817731][   T30] audit: type=1326 audit(1757472945.140:1666): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10646 comm="syz.3.1781" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  330.987602][T10667] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check.
[  331.025875][T10670] loop2: detected capacity change from 0 to 512
[  331.119446][T10670] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  331.223279][T10670] ext4 filesystem being mounted at /320/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  331.413639][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.212397][T10713] loop6: detected capacity change from 0 to 512
[  332.243940][T10713] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.1808: casefold flag without casefold feature
[  332.296246][T10713] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.1808: couldn't read orphan inode 15 (err -117)
[  332.353041][T10713] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  332.571174][ T8428] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.790360][T10718] loop8: detected capacity change from 0 to 512
[  332.843912][T10718] EXT4-fs: Ignoring removed bh option
[  332.850736][T10718] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  332.961282][T10718] EXT4-fs (loop8): 1 truncate cleaned up
[  332.969000][T10718] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  333.143179][T10733] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1816'.
[  333.467278][T10748] random: crng reseeded on system resumption
[  333.963905][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  334.726384][T10780] random: crng reseeded on system resumption
[  335.254685][T10800] loop3: detected capacity change from 0 to 1024
[  335.308056][T10800] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  335.352630][T10801] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.381508][T10800] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  335.428082][T10800] EXT4-fs (loop3): orphan cleanup on readonly fs
[  335.448196][T10812] netlink: 'syz.0.1848': attribute type 10 has an invalid length.
[  335.456417][T10812] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1848'.
[  335.489262][T10800] EXT4-fs error (device loop3): ext4_free_blocks:6695: comm syz.3.1843: Freeing blocks not in datazone - block = 0, count = 4096
[  335.511071][T10801] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.527115][T10800] EXT4-fs (loop3): 1 orphan inode deleted
[  335.576166][T10800] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  335.759725][T10801] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  335.792777][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  335.942368][T10801] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.521632][   T30] kauditd_printk_skb: 41 callbacks suppressed
[  336.521657][   T30] audit: type=1326 audit(1757472951.620:1708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10843 comm="syz.3.1863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  336.593228][ T7045] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  336.619270][ T7045] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  336.637140][   T30] audit: type=1326 audit(1757472951.630:1709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10843 comm="syz.3.1863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  336.669297][   T30] audit: type=1326 audit(1757472951.670:1710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10843 comm="syz.3.1863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  336.705831][   T30] audit: type=1326 audit(1757472951.670:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10843 comm="syz.3.1863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  336.767982][   T30] audit: type=1326 audit(1757472951.670:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10843 comm="syz.3.1863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  336.790817][ T7046] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  336.822422][   T30] audit: type=1326 audit(1757472951.690:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10843 comm="syz.3.1863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  336.851100][ T7045] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  336.911451][T10855] netlink: 'syz.0.1866': attribute type 10 has an invalid length.
[  336.929619][   T30] audit: type=1326 audit(1757472951.690:1714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10843 comm="syz.3.1863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  336.965058][T10850] loop8: detected capacity change from 0 to 1024
[  336.979750][T10855] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1866'.
[  337.024107][T10850] EXT4-fs: Ignoring removed orlov option
[  337.070428][   T30] audit: type=1326 audit(1757472951.690:1715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10843 comm="syz.3.1863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  337.127145][   T30] audit: type=1326 audit(1757472951.690:1716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10843 comm="syz.3.1863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  337.164490][   T30] audit: type=1326 audit(1757472951.690:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10843 comm="syz.3.1863" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  337.207836][T10850] EXT4-fs (loop8): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  337.230880][T10850] ext4 filesystem being mounted at /211/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  337.252246][T10861] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  337.320805][T10850] EXT4-fs error (device loop8): ext4_map_blocks:814: inode #15: comm syz.8.1865: lblock 0 mapped to illegal pblock 0 (length 1)
[  337.375555][T10850] EXT4-fs error (device loop8): ext4_ext_remove_space:2955: inode #15: comm syz.8.1865: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  337.632247][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  337.693051][T10874] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1875'.
[  338.053666][T10884] loop3: detected capacity change from 0 to 512
[  338.137392][T10884] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  338.187840][T10884] ext4 filesystem being mounted at /323/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  338.371742][T10896] netlink: 'syz.1.1884': attribute type 10 has an invalid length.
[  338.412278][T10896] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1884'.
[  338.438151][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  338.477797][T10894] loop8: detected capacity change from 0 to 512
[  338.566502][T10894] EXT4-fs error (device loop8): ext4_orphan_get:1392: inode #15: comm syz.8.1883: iget: bad i_size value: 38620345925642
[  338.670230][T10894] EXT4-fs error (device loop8): ext4_orphan_get:1395: comm syz.8.1883: couldn't read orphan inode 15 (err -117)
[  338.716500][T10894] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  338.935547][T10911] netlink: 'syz.6.1890': attribute type 10 has an invalid length.
[  338.998025][T10911] team0: Port device dummy0 added
[  339.031391][T10917] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1893'.
[  339.042594][T10918] netlink: 'syz.6.1890': attribute type 10 has an invalid length.
[  339.079843][T10917] netlink: 7 bytes leftover after parsing attributes in process `syz.1.1893'.
[  339.084721][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  339.105048][T10918] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  339.170652][T10918] team0: Failed to send options change via netlink (err -105)
[  339.178598][T10918] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  339.203971][T10918] team0: Port device dummy0 removed
[  339.222180][T10918] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  339.526086][T10933] loop3: detected capacity change from 0 to 512
[  339.547930][T10933] EXT4-fs: Ignoring removed bh option
[  339.580193][T10933] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  339.616598][T10936] loop8: detected capacity change from 0 to 1024
[  339.623627][T10937] netlink: 'syz.2.1901': attribute type 10 has an invalid length.
[  339.642966][T10936] EXT4-fs: Ignoring removed nobh option
[  339.652899][T10937] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1901'.
[  339.665453][T10936] EXT4-fs: Ignoring removed bh option
[  339.678964][T10933] EXT4-fs (loop3): 1 truncate cleaned up
[  339.720331][T10933] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  339.720724][T10936] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  339.849225][T10936] EXT4-fs (loop8): shut down requested (2)
[  340.106466][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.934089][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  341.424743][T10972] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1912'.
[  341.444775][T10971] random: crng reseeded on system resumption
[  341.577548][T10976] loop3: detected capacity change from 0 to 512
[  341.662653][T10976] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1915: casefold flag without casefold feature
[  341.748600][T10976] EXT4-fs error (device loop3): ext4_orphan_get:1395: comm syz.3.1915: couldn't read orphan inode 15 (err -117)
[  341.759058][T10983] loop8: detected capacity change from 0 to 1024
[  341.804554][T10976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  341.844973][T10983] EXT4-fs: Ignoring removed nobh option
[  341.859718][T10983] EXT4-fs: Ignoring removed bh option
[  341.933175][T10991] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1919'.
[  341.947098][T10983] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  342.010687][   T30] kauditd_printk_skb: 13 callbacks suppressed
[  342.010711][   T30] audit: type=1800 audit(1757472957.120:1731): pid=10983 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1917" name="bus" dev="loop8" ino=18 res=0 errno=0
[  342.020441][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.077007][T10996] EXT4-fs (loop8): shut down requested (2)
[  342.184268][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.328547][T11007] loop3: detected capacity change from 0 to 512
[  342.414940][T11007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  342.422910][T11014] GUP no longer grows the stack in syz.8.1927 (11014): 200000004000-200000005000 (200000002000)
[  342.449193][T11007] ext4 filesystem being mounted at /329/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  342.460715][T11014] CPU: 0 UID: 0 PID: 11014 Comm: syz.8.1927 Not tainted syzkaller #0 PREEMPT(full) 
[  342.460760][T11014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  342.460782][T11014] Call Trace:
[  342.460793][T11014]  <TASK>
[  342.460806][T11014]  dump_stack_lvl+0x16c/0x1f0
[  342.460868][T11014]  gup_vma_lookup+0x1d2/0x220
[  342.460911][T11014]  __get_user_pages+0x243/0x34a0
[  342.460961][T11014]  ? srso_alias_return_thunk+0x5/0xfbef5
[  342.461010][T11014]  ? srso_alias_return_thunk+0x5/0xfbef5
[  342.461054][T11014]  ? find_held_lock+0x2b/0x80
[  342.461101][T11014]  ? __pfx___get_user_pages+0x10/0x10
[  342.461148][T11014]  ? srso_alias_return_thunk+0x5/0xfbef5
[  342.461200][T11014]  get_user_pages_remote+0x243/0xab0
[  342.461244][T11014]  ? mas_parent_gap+0x6f0/0x7b0
[  342.461305][T11014]  ? __pfx_get_user_pages_remote+0x10/0x10
[  342.461356][T11014]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  342.461399][T11014]  ? srso_alias_return_thunk+0x5/0xfbef5
[  342.461454][T11014]  __access_remote_vm+0x24d/0x850
[  342.461501][T11014]  ? do_raw_spin_lock+0x12c/0x2b0
[  342.461542][T11014]  ? __pfx___access_remote_vm+0x10/0x10
[  342.461590][T11014]  ? srso_alias_return_thunk+0x5/0xfbef5
[  342.461642][T11014]  proc_pid_cmdline_read+0x4de/0x8e0
[  342.461685][T11014]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  342.461727][T11014]  ? srso_alias_return_thunk+0x5/0xfbef5
[  342.461770][T11014]  ? rw_verify_area+0xcf/0x6c0
[  342.461824][T11014]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  342.461859][T11014]  vfs_readv+0x5c1/0x8b0
[  342.461921][T11014]  ? __pfx_vfs_readv+0x10/0x10
[  342.461977][T11014]  ? kmem_cache_free+0x2d1/0x4d0
[  342.462036][T11014]  ? srso_alias_return_thunk+0x5/0xfbef5
[  342.462102][T11014]  ? srso_alias_return_thunk+0x5/0xfbef5
[  342.462145][T11014]  ? __fget_files+0x20e/0x3c0
[  342.462190][T11014]  ? do_preadv+0x1a6/0x270
[  342.462239][T11014]  ? srso_alias_return_thunk+0x5/0xfbef5
[  342.462281][T11014]  do_preadv+0x1a6/0x270
[  342.462335][T11014]  ? __pfx_do_preadv+0x10/0x10
[  342.462388][T11014]  ? srso_alias_return_thunk+0x5/0xfbef5
[  342.462443][T11014]  do_syscall_64+0xcd/0x4c0
[  342.462480][T11014]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  342.462517][T11014] RIP: 0033:0x7f5adc78eba9
[  342.462545][T11014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  342.462580][T11014] RSP: 002b:00007f5add5ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  342.462620][T11014] RAX: ffffffffffffffda RBX: 00007f5adc9d6090 RCX: 00007f5adc78eba9
[  342.462645][T11014] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000005
[  342.462668][T11014] RBP: 00007f5adc811e19 R08: 0000000000000000 R09: 0000000000000000
[  342.462691][T11014] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  342.462714][T11014] R13: 00007f5adc9d6128 R14: 00007f5adc9d6090 R15: 00007ffe70b7e898
[  342.462763][T11014]  </TASK>
[  342.904504][T10998] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0
[  342.971431][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.197148][T11032] loop3: detected capacity change from 0 to 512
[  343.269642][T11032] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  343.300375][T11032] ext4 filesystem being mounted at /330/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  343.357344][T11041] loop8: detected capacity change from 0 to 512
[  343.375404][T11041] EXT4-fs error (device loop8): ext4_orphan_get:1392: inode #15: comm syz.8.1936: casefold flag without casefold feature
[  343.407034][T11041] EXT4-fs error (device loop8): ext4_orphan_get:1395: comm syz.8.1936: couldn't read orphan inode 15 (err -117)
[  343.437967][T11041] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  343.461896][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.678219][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  343.771042][T11048] loop2: detected capacity change from 0 to 1024
[  343.796478][T11048] EXT4-fs: Ignoring removed nobh option
[  343.850239][T11048] EXT4-fs: Ignoring removed bh option
[  343.898393][T11048] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  343.926676][T11056] random: crng reseeded on system resumption
[  343.944347][T11057] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1941'.
[  344.035401][T11059] IPVS: sync thread started: state = BACKUP, mcast_ifn = vcan0, syncid = 0, id = 0
[  344.074963][T11048] EXT4-fs (loop2): shut down requested (2)
[  344.089763][   T30] audit: type=1800 audit(1757472959.180:1732): pid=11048 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1939" name="bus" dev="loop2" ino=18 res=0 errno=0
[  344.420363][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.087049][T11077] loop2: detected capacity change from 0 to 2048
[  345.148293][T11075] loop6: detected capacity change from 0 to 128
[  345.153851][T11077] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  345.260123][   T30] audit: type=1800 audit(1757472960.370:1733): pid=11075 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1948" name="bus" dev="loop6" ino=1048634 res=0 errno=0
[  345.426753][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.474515][T11087] bio_check_eod: 21 callbacks suppressed
[  345.474538][T11087] syz.6.1948: attempt to access beyond end of device
[  345.474538][T11087] loop6: rw=2049, sector=665, nr_sectors = 376 limit=128
[  346.224467][T11111] random: crng reseeded on system resumption
[  346.232061][T11112] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1962'.
[  346.531205][   T30] audit: type=1326 audit(1757472961.630:1734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11121 comm="syz.0.1966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  346.629681][   T30] audit: type=1326 audit(1757472961.630:1735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11121 comm="syz.0.1966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  346.706692][   T30] audit: type=1326 audit(1757472961.640:1736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11121 comm="syz.0.1966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  346.747985][   T30] audit: type=1326 audit(1757472961.640:1737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11121 comm="syz.0.1966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  346.772923][   T30] audit: type=1326 audit(1757472961.640:1738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11121 comm="syz.0.1966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  346.797023][   T30] audit: type=1326 audit(1757472961.640:1739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11121 comm="syz.0.1966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  346.820454][   T30] audit: type=1326 audit(1757472961.640:1740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11121 comm="syz.0.1966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  347.090521][   T30] kauditd_printk_skb: 10 callbacks suppressed
[  347.090545][   T30] audit: type=1326 audit(1757472962.200:1751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11121 comm="syz.0.1966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  347.141646][T11140] loop8: detected capacity change from 0 to 1024
[  347.150717][T11140] EXT4-fs: Ignoring removed bh option
[  347.156306][T11140] EXT4-fs: inline encryption not supported
[  347.167183][T11140] EXT4-fs (loop8): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  347.178353][   T30] audit: type=1326 audit(1757472962.200:1752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11121 comm="syz.0.1966" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  347.213168][T11140] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #3: block 2: comm syz.8.1973: lblock 2 mapped to illegal pblock 2 (length 1)
[  347.237270][T11140] Quota error (device loop8): qtree_write_dquot: dquota write failed
[  347.247331][T11140] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #3: block 48: comm syz.8.1973: lblock 0 mapped to illegal pblock 48 (length 1)
[  347.273012][T11140] Quota error (device loop8): v2_write_file_info: Can't write info structure
[  347.314085][T11140] EXT4-fs error (device loop8): ext4_acquire_dquot:6935: comm syz.8.1973: Failed to acquire dquot type 0
[  347.328192][T11140] EXT4-fs error (device loop8) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  347.345869][T11140] EXT4-fs error (device loop8): ext4_evict_inode:254: inode #11: comm syz.8.1973: mark_inode_dirty error
[  347.420357][T11140] EXT4-fs warning (device loop8): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  347.458281][T11140] EXT4-fs (loop8): 1 orphan inode deleted
[  347.493225][T11140] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.547724][T11148] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1976'.
[  347.549862][ T5982] EXT4-fs error (device loop8): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:9: lblock 1 mapped to illegal pblock 1 (length 1)
[  347.652692][ T5982] Quota error (device loop8): remove_tree: Can't read quota data block 1
[  347.669997][ T5982] EXT4-fs error (device loop8): ext4_release_dquot:6971: comm kworker/u8:9: Failed to release dquot type 0
[  347.815727][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  347.830707][ T7245] EXT4-fs error (device loop8): __ext4_get_inode_loc:4860: comm syz-executor: Invalid inode table block 1 in block_group 0
[  347.859680][ T7245] EXT4-fs error (device loop8) in ext4_reserve_inode_write:6334: Corrupt filesystem
[  347.892789][ T7245] EXT4-fs error (device loop8): ext4_quota_off:7221: inode #3: comm syz-executor: mark_inode_dirty error
[  347.914738][T11158] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1980'.
[  347.937891][T11161] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1982'.
[  348.298948][T11177] loop6: detected capacity change from 0 to 256
[  348.422701][T11177] FAT-fs (loop6): Directory bread(block 64) failed
[  348.453688][T11177] FAT-fs (loop6): Directory bread(block 65) failed
[  348.461815][T11177] FAT-fs (loop6): Directory bread(block 66) failed
[  348.470006][T11177] FAT-fs (loop6): Directory bread(block 67) failed
[  348.478364][T11177] FAT-fs (loop6): Directory bread(block 68) failed
[  348.486395][T11177] FAT-fs (loop6): Directory bread(block 69) failed
[  348.493827][T11177] FAT-fs (loop6): Directory bread(block 70) failed
[  348.500557][T11177] FAT-fs (loop6): Directory bread(block 71) failed
[  348.507203][T11177] FAT-fs (loop6): Directory bread(block 72) failed
[  348.514108][T11177] FAT-fs (loop6): Directory bread(block 73) failed
[  348.748543][T11189] random: crng reseeded on system resumption
[  348.961424][T11196] loop8: detected capacity change from 0 to 512
[  349.069407][T11196] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  349.173728][T11196] ext4 filesystem being mounted at /231/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  349.334866][T11209] lo speed is unknown, defaulting to 1000
[  349.382263][T11209] lo speed is unknown, defaulting to 1000
[  349.489987][T11209] lo speed is unknown, defaulting to 1000
[  349.504042][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.723349][T11209] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  349.833868][T11209] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  350.017349][T11209] lo speed is unknown, defaulting to 1000
[  350.100965][T11209] lo speed is unknown, defaulting to 1000
[  350.222556][T11209] lo speed is unknown, defaulting to 1000
[  350.333418][T11209] lo speed is unknown, defaulting to 1000
[  350.547419][T11209] lo speed is unknown, defaulting to 1000
[  350.565728][T11209] lo speed is unknown, defaulting to 1000
[  350.605683][T11245] tmpfs: Bad value for 'mpol'
[  350.612914][T11209] lo speed is unknown, defaulting to 1000
[  350.731456][   T30] audit: type=1326 audit(1757472965.830:1753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11246 comm="syz.0.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  350.829659][   T30] audit: type=1326 audit(1757472965.830:1754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11246 comm="syz.0.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  350.875000][   T30] audit: type=1326 audit(1757472965.880:1755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11246 comm="syz.0.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=85 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  350.903203][   T30] audit: type=1326 audit(1757472965.880:1756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11246 comm="syz.0.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  350.948840][   T30] audit: type=1326 audit(1757472965.880:1757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11246 comm="syz.0.2015" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  350.995387][T11249] random: crng reseeded on system resumption
[  351.109079][T11258] netlink: 156 bytes leftover after parsing attributes in process `syz.1.2021'.
[  351.195265][T11258] netlink: 'syz.1.2021': attribute type 21 has an invalid length.
[  351.237249][T11258] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2021'.
[  351.328696][T11268] loop3: detected capacity change from 0 to 1024
[  351.371974][T11268] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  351.458674][T11268] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  351.531473][T11268] EXT4-fs (loop3): orphan cleanup on readonly fs
[  351.587228][T11268] EXT4-fs error (device loop3): ext4_free_blocks:6695: comm syz.3.2025: Freeing blocks not in datazone - block = 0, count = 4096
[  351.661474][T11268] EXT4-fs (loop3): 1 orphan inode deleted
[  351.676156][T11268] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  351.875725][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  352.650050][T11299] netlink: 'syz.1.2037': attribute type 2 has an invalid length.
[  352.657855][T11299] netlink: 5356 bytes leftover after parsing attributes in process `syz.1.2037'.
[  353.401353][T11329] loop8: detected capacity change from 0 to 512
[  353.409227][T11329] EXT4-fs: Ignoring removed i_version option
[  353.449187][T11329] EXT4-fs (loop8): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  353.487829][T11329] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0002]
[  353.546517][T11329] System zones: 1-12
[  353.562509][T11329] EXT4-fs (loop8): orphan cleanup on readonly fs
[  353.564055][T11339] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2053'.
[  353.592615][T11329] EXT4-fs error (device loop8): ext4_free_branches:1020: inode #11: comm syz.8.2050: invalid indirect mapped block 12 (level 1)
[  353.651584][T11329] EXT4-fs (loop8): Remounting filesystem read-only
[  353.669087][T11329] EXT4-fs (loop8): 1 truncate cleaned up
[  353.678819][T11329] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  353.832133][T11329] EXT4-fs warning (device loop8): dx_probe:791: inode #2: lblock 0: comm syz.8.2050: error -117 reading directory block
[  353.953406][T11345] loop2: detected capacity change from 0 to 8192
[  353.988225][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  354.156958][T11355] FAT-fs (loop2): error, clusters badly computed (239 != 1)
[  354.174192][T11345] FAT-fs (loop2): error, clusters badly computed (241 != 240)
[  354.185941][T11355] FAT-fs (loop2): Filesystem has been set read-only
[  354.197267][T11345] FAT-fs (loop2): error, clusters badly computed (242 != 241)
[  354.216420][T11355] FAT-fs (loop2): error, clusters badly computed (242 != 2)
[  354.226776][T11345] FAT-fs (loop2): error, clusters badly computed (244 != 242)
[  354.245712][T11355] FAT-fs (loop2): error, clusters badly computed (244 != 3)
[  354.265114][T11345] FAT-fs (loop2): error, clusters badly computed (246 != 243)
[  354.283181][T11355] FAT-fs (loop2): error, clusters badly computed (246 != 4)
[  354.291190][T11355] FAT-fs (loop2): error, clusters badly computed (247 != 5)
[  354.319042][T11345] FAT-fs (loop2): error, clusters badly computed (249 != 244)
[  354.558402][T11371] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2067'.
[  356.133779][T11410] loop3: detected capacity change from 0 to 1024
[  356.191891][T11410] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  356.248665][T11410] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  356.367328][T11410] EXT4-fs (loop3): orphan cleanup on readonly fs
[  356.402293][T11410] EXT4-fs error (device loop3): ext4_free_blocks:6695: comm syz.3.2083: Freeing blocks not in datazone - block = 0, count = 4096
[  356.458561][T11410] EXT4-fs (loop3): 1 orphan inode deleted
[  356.488411][T11410] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  356.656724][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.893421][T11425] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2087'.
[  356.954932][T11431] netlink: 'syz.3.2087': attribute type 21 has an invalid length.
[  357.027165][T11425] loop3: detected capacity change from 0 to 1024
[  357.049454][T11425] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  357.066566][T11425] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  357.157921][T11431] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2087'.
[  357.160633][T11425] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #2: comm syz.3.2087: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 2, max 1(4), depth 0(0)
[  357.228042][T11425] EXT4-fs (loop3): no journal found
[  357.714343][T11445] random: crng reseeded on system resumption
[  357.854221][T11443] Falling back ldisc for ttyS3.
[  359.259053][T11473] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  359.480003][ T5879] Bluetooth: hci4: command 0x0406 tx timeout
[  359.821335][T11485] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2114'.
[  359.905212][T11485] netlink: 348 bytes leftover after parsing attributes in process `syz.6.2114'.
[  359.988888][T11485] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2114'.
[  360.036145][T11485] netlink: 348 bytes leftover after parsing attributes in process `syz.6.2114'.
[  360.094077][T11487] loop3: detected capacity change from 0 to 1024
[  360.111684][T11485] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2114'.
[  360.340085][T11487] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  360.396739][T11487] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  360.430246][T11487] EXT4-fs (loop3): orphan cleanup on readonly fs
[  360.480007][T11487] EXT4-fs error (device loop3): ext4_free_blocks:6695: comm syz.3.2115: Freeing blocks not in datazone - block = 0, count = 4096
[  360.562415][T11487] EXT4-fs (loop3): 1 orphan inode deleted
[  360.582416][T11487] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  360.881982][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  361.018444][T11502] netlink: 'syz.6.2119': attribute type 10 has an invalid length.
[  362.717067][   T30] kauditd_printk_skb: 14 callbacks suppressed
[  362.717091][   T30] audit: type=1326 audit(1757472977.820:1772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11522 comm="syz.1.2129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7efef8eba9 code=0x7ffc0000
[  362.824466][   T30] audit: type=1326 audit(1757472977.870:1773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11522 comm="syz.1.2129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f7efef8eba9 code=0x7ffc0000
[  362.858660][   T30] audit: type=1326 audit(1757472977.870:1774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11522 comm="syz.1.2129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7efef8eba9 code=0x7ffc0000
[  362.942521][   T30] audit: type=1326 audit(1757472977.870:1775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11522 comm="syz.1.2129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7efef8eba9 code=0x7ffc0000
[  363.004825][   T30] audit: type=1326 audit(1757472977.870:1776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11522 comm="syz.1.2129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7efef8eba9 code=0x7ffc0000
[  363.104428][   T30] audit: type=1326 audit(1757472977.870:1777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11522 comm="syz.1.2129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7efef8eba9 code=0x7ffc0000
[  363.171978][   T30] audit: type=1326 audit(1757472977.870:1778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11522 comm="syz.1.2129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7efef8eba9 code=0x7ffc0000
[  363.275408][   T30] audit: type=1326 audit(1757472977.870:1779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11522 comm="syz.1.2129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7efef8eba9 code=0x7ffc0000
[  363.356627][   T30] audit: type=1326 audit(1757472977.870:1780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11522 comm="syz.1.2129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7efef8eba9 code=0x7ffc0000
[  363.444633][   T30] audit: type=1326 audit(1757472977.890:1781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11522 comm="syz.1.2129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7efef8eba9 code=0x7ffc0000
[  364.026934][T11537] loop8: detected capacity change from 0 to 512
[  364.142305][T11537] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  364.189744][T11537] ext4 filesystem being mounted at /251/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  364.359414][T11549] random: crng reseeded on system resumption
[  364.436682][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.996792][T11561] random: crng reseeded on system resumption
[  365.211118][T11565] loop8: detected capacity change from 0 to 128
[  365.279770][T11565] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  365.311590][T11565] ext4 filesystem being mounted at /253/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  365.744171][ T7245] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  366.527608][T11590] loop0: detected capacity change from 0 to 512
[  366.616784][T11590] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  366.721327][T11590] ext4 filesystem being mounted at /392/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  366.963657][ T5860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  367.556173][T11622] netlink: 'syz.1.2165': attribute type 10 has an invalid length.
[  367.569951][T11622] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2165'.
[  367.834118][T11632] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2169'.
[  367.860953][T11632] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2169'.
[  368.000330][T11636] tipc: Started in network mode
[  368.005248][T11636] tipc: Node identity ee6c407bb037, cluster identity 4711
[  368.050808][T11636] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  368.157849][T11626] tipc: Resetting bearer <eth:syzkaller0>
[  368.587724][T11651] loop2: detected capacity change from 0 to 164
[  368.638150][T11651] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  368.733997][T11651] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  368.956025][T11657] random: crng reseeded on system resumption
[  369.159889][  T914] tipc: Node number set to 1583038587
[  369.330595][T11668] loop6: detected capacity change from 0 to 1024
[  369.371611][T11668] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  369.439741][T11668] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  369.506392][T11673] netlink: 'syz.0.2183': attribute type 10 has an invalid length.
[  369.518367][T11668] EXT4-fs (loop6): orphan cleanup on readonly fs
[  369.521339][T11673] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2183'.
[  369.545505][T11668] EXT4-fs error (device loop6): ext4_free_blocks:6695: comm syz.6.2181: Freeing blocks not in datazone - block = 0, count = 4096
[  369.596071][T11668] EXT4-fs (loop6): 1 orphan inode deleted
[  369.605124][T11668] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  369.666502][ T8428] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.776145][T11679] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2185'.
[  370.681287][T11626] tipc: Disabling bearer <eth:syzkaller0>
[  370.850682][T11688] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  371.082769][T11698] random: crng reseeded on system resumption
[  371.319017][T11702] pim6reg: entered allmulticast mode
[  371.343781][T11702] pim6reg: left allmulticast mode
[  371.454398][T11710] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2197'.
[  371.457775][T11713] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-xor(2)
[  371.496988][T11710] netlink: 348 bytes leftover after parsing attributes in process `syz.2.2197'.
[  371.511708][T11710] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2197'.
[  371.531158][T11716] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2199'.
[  371.536809][T11710] netlink: 348 bytes leftover after parsing attributes in process `syz.2.2197'.
[  371.549348][   T30] kauditd_printk_skb: 6 callbacks suppressed
[  371.549372][   T30] audit: type=1326 audit(1757472986.650:1788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11711 comm="syz.0.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  371.587436][T11717] netlink: 'syz.6.2200': attribute type 10 has an invalid length.
[  371.593278][   T30] audit: type=1326 audit(1757472986.650:1789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11711 comm="syz.0.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  371.624215][   T30] audit: type=1326 audit(1757472986.650:1790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11711 comm="syz.0.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  371.667488][   T30] audit: type=1326 audit(1757472986.650:1791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11711 comm="syz.0.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  371.847484][   T30] audit: type=1326 audit(1757472986.650:1792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11711 comm="syz.0.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  371.860776][T11721] loop3: detected capacity change from 0 to 512
[  371.880990][T11717] team0: Port device geneve0 added
[  371.904452][   T30] audit: type=1326 audit(1757472986.650:1793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11711 comm="syz.0.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  371.985007][   T30] audit: type=1326 audit(1757472986.650:1794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11711 comm="syz.0.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  372.057613][T11721] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  372.062151][   T30] audit: type=1326 audit(1757472986.650:1795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11711 comm="syz.0.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=115 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  372.097274][   T30] audit: type=1326 audit(1757472986.650:1796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11711 comm="syz.0.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  372.114446][T11721] ext4 filesystem being mounted at /386/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  372.149654][   T30] audit: type=1326 audit(1757472986.650:1797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11711 comm="syz.0.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  372.402093][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.653059][T11749] random: crng reseeded on system resumption
[  372.781391][T11753] __nla_validate_parse: 5 callbacks suppressed
[  372.781416][T11753] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2215'.
[  372.850081][T11753] netlink: 348 bytes leftover after parsing attributes in process `syz.6.2215'.
[  372.859157][T11753] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2215'.
[  372.929900][T11753] netlink: 348 bytes leftover after parsing attributes in process `syz.6.2215'.
[  372.978073][T11753] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2215'.
[  373.004699][T11763] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2219'.
[  373.020462][T11758] loop3: detected capacity change from 0 to 512
[  373.108085][T11758] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.2216: iget: bad i_size value: 38620345925642
[  373.166480][T11758] EXT4-fs error (device loop3): ext4_orphan_get:1395: comm syz.3.2216: couldn't read orphan inode 15 (err -117)
[  373.239981][  T914] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  373.282511][T11758] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  373.409921][  T914] usb 3-1: Using ep0 maxpacket: 16
[  373.435684][  T914] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  373.469328][  T914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.561644][  T914] usb 3-1: Product: syz
[  373.600106][  T914] usb 3-1: Manufacturer: syz
[  373.604721][  T914] usb 3-1: SerialNumber: syz
[  373.637582][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  373.655998][T11780] netlink: 'syz.6.2223': attribute type 1 has an invalid length.
[  373.678710][  T914] r8152-cfgselector 3-1: Unknown version 0x0000
[  373.695978][  T914] r8152-cfgselector 3-1: config 0 descriptor??
[  373.708212][T11783] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2223'.
[  373.820654][T11780] 8021q: adding VLAN 0 to HW filter on device bond1
[  374.076916][T11792] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2224'.
[  375.744378][T11783] bond1 (unregistering): Released all slaves
[  376.442231][T11808] random: crng reseeded on system resumption
[  376.539968][T11812] syzkaller1: entered promiscuous mode
[  376.565282][T11812] syzkaller1: entered allmulticast mode
[  376.716571][T11817] netlink: 156 bytes leftover after parsing attributes in process `syz.6.2235'.
[  376.777287][T11817] netlink: 'syz.6.2235': attribute type 21 has an invalid length.
[  376.849967][T11817] netlink: 132 bytes leftover after parsing attributes in process `syz.6.2235'.
[  376.860141][  T914] r8152-cfgselector 3-1: Unknown version 0x0000
[  376.881409][  T914] r8152-cfgselector 3-1: bad CDC descriptors
[  376.892682][  T914] r8152-cfgselector 3-1: USB disconnect, device number 2
[  376.909063][T11820] loop6: detected capacity change from 0 to 1024
[  376.933524][T11820] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  376.947081][T11820] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  377.005419][T11820] EXT4-fs error (device loop6): ext4_ext_check_inode:523: inode #2: comm syz.6.2235: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 2, max 1(4), depth 0(0)
[  377.071284][T11820] EXT4-fs (loop6): no journal found
[  377.890533][T11847] random: crng reseeded on system resumption
[  377.946564][   T30] kauditd_printk_skb: 22 callbacks suppressed
[  377.946589][   T30] audit: type=1326 audit(1757472993.050:1820): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11844 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  378.059669][   T30] audit: type=1326 audit(1757472993.050:1821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11844 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  378.159726][   T30] audit: type=1326 audit(1757472993.050:1822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11844 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  378.321307][   T30] audit: type=1326 audit(1757472993.050:1823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11844 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  378.423515][   T30] audit: type=1326 audit(1757472993.060:1824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11844 comm="syz.0.2246" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  378.453074][T11859] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2252'.
[  378.476840][T11859] netlink: 348 bytes leftover after parsing attributes in process `syz.0.2252'.
[  378.494475][T11859] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2252'.
[  378.506337][T11859] netlink: 348 bytes leftover after parsing attributes in process `syz.0.2252'.
[  378.547790][T11859] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2252'.
[  378.700046][ T5960] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  378.775712][T11866] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in;
[  378.775712][T11866]    program }\)\ not setting count and/or reply_len properly
[  378.881022][ T5960] usb 2-1: Using ep0 maxpacket: 16
[  378.895452][ T5960] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  378.942496][ T5960] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  379.003875][ T5960] usb 2-1: Product: syz
[  379.029014][ T5960] usb 2-1: Manufacturer: syz
[  379.071183][ T5960] usb 2-1: SerialNumber: syz
[  379.081111][T11871] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2256'.
[  379.082732][T11868] loop2: detected capacity change from 0 to 512
[  379.128522][ T5960] r8152-cfgselector 2-1: Unknown version 0x0000
[  379.147418][ T5960] r8152-cfgselector 2-1: config 0 descriptor??
[  379.157592][T11868] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.2255: iget: bad i_size value: 38620345925642
[  379.254743][T11868] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.2255: couldn't read orphan inode 15 (err -117)
[  379.324292][T11868] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  380.115722][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  380.501843][T11890] loop2: detected capacity change from 0 to 512
[  380.510683][T11890] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  380.538627][T11890] EXT4-fs (loop2): 1 truncate cleaned up
[  380.555676][T11890] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  380.598116][   T30] audit: type=1800 audit(1757472995.700:1825): pid=11890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2262" name="file1" dev="loop2" ino=15 res=0 errno=0
[  381.205500][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.459151][T11901] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2267'.
[  381.494252][T11901] netlink: 348 bytes leftover after parsing attributes in process `syz.2.2267'.
[  381.522505][T11901] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2267'.
[  381.537353][ T5960] r8152-cfgselector 2-1: Unknown version 0x0000
[  381.556634][ T5960] r8152-cfgselector 2-1: bad CDC descriptors
[  381.574488][ T5960] r8152-cfgselector 2-1: USB disconnect, device number 3
[  381.589356][T11901] netlink: 348 bytes leftover after parsing attributes in process `syz.2.2267'.
[  382.176134][T11922] netlink: 'syz.6.2276': attribute type 4 has an invalid length.
[  382.669689][ T5868] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  382.691806][T11936] sd 0:0:1:0: device reset
[  382.829904][ T5868] usb 7-1: Using ep0 maxpacket: 16
[  382.852502][ T5868] usb 7-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  382.878545][ T5868] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.905686][ T5868] usb 7-1: Product: syz
[  382.916660][ T5868] usb 7-1: Manufacturer: syz
[  382.936449][ T5868] usb 7-1: SerialNumber: syz
[  382.954341][ T5868] r8152-cfgselector 7-1: Unknown version 0x0000
[  382.962738][ T5868] r8152-cfgselector 7-1: config 0 descriptor??
[  384.918277][   T30] audit: type=1326 audit(1757473000.020:1826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11966 comm="syz.3.2295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  384.962015][   T30] audit: type=1326 audit(1757473000.020:1827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11966 comm="syz.3.2295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  384.997473][   T30] audit: type=1326 audit(1757473000.070:1828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11966 comm="syz.3.2295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  385.030671][   T30] audit: type=1326 audit(1757473000.070:1829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11966 comm="syz.3.2295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  385.135522][   T30] audit: type=1326 audit(1757473000.070:1830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11966 comm="syz.3.2295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  385.177978][   T30] audit: type=1326 audit(1757473000.090:1831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11966 comm="syz.3.2295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=432 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  385.218272][   T30] audit: type=1326 audit(1757473000.090:1832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11966 comm="syz.3.2295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  385.250606][   T30] audit: type=1326 audit(1757473000.090:1833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11966 comm="syz.3.2295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  385.356603][   T30] audit: type=1326 audit(1757473000.090:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11966 comm="syz.3.2295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  385.472040][ T5868] r8152-cfgselector 7-1: Unknown version 0x0000
[  385.481261][ T5868] r8152-cfgselector 7-1: bad CDC descriptors
[  385.526357][ T5868] r8152-cfgselector 7-1: USB disconnect, device number 7
[  385.572013][   T30] audit: type=1326 audit(1757473000.090:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11966 comm="syz.3.2295" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  385.933733][T11981] __nla_validate_parse: 6 callbacks suppressed
[  385.933758][T11981] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2300'.
[  385.973282][T11981] netlink: 348 bytes leftover after parsing attributes in process `syz.2.2300'.
[  386.012141][T11981] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2300'.
[  386.043498][T11981] netlink: 348 bytes leftover after parsing attributes in process `syz.2.2300'.
[  386.125232][T11981] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2300'.
[  386.268401][T11986] loop3: detected capacity change from 0 to 1024
[  386.332221][T11986] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  386.432285][T11986] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  386.466988][T11986] EXT4-fs (loop3): orphan cleanup on readonly fs
[  386.511077][T11986] EXT4-fs error (device loop3): ext4_free_blocks:6695: comm syz.3.2303: Freeing blocks not in datazone - block = 0, count = 4096
[  386.529213][T11830] Set syz1 is full, maxelem 65536 reached
[  386.598349][T11986] EXT4-fs (loop3): 1 orphan inode deleted
[  386.619776][T11986] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  386.776621][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  386.848328][T12006] netlink: 24 bytes leftover after parsing attributes in process `syz.8.2309'.
[  386.922705][T12007] Set syz1 is full, maxelem 65536 reached
[  386.966314][T12009] loop3: detected capacity change from 0 to 164
[  386.987264][T12009] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  387.030683][T12011] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2311'.
[  387.092837][T11994] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0
[  387.723847][T12040] random: crng reseeded on system resumption
[  388.139902][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  388.227916][T12056] netlink: 'syz.0.2330': attribute type 4 has an invalid length.
[  388.264281][T12056] netlink: 'syz.0.2330': attribute type 4 has an invalid length.
[  388.879163][T12088] random: crng reseeded on system resumption
[  389.178335][T12100] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2348'.
[  389.452756][T12112] loop8: detected capacity change from 0 to 512
[  389.462667][T12112] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  389.499453][T12112] EXT4-fs (loop8): 1 truncate cleaned up
[  389.561265][T12112] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  389.776588][T12122] lo speed is unknown, defaulting to 1000
[  389.780946][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  389.795545][T12125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2358'.
[  389.815926][T12125] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2358'.
[  390.048291][T12132] random: crng reseeded on system resumption
[  390.148407][T12136] loop3: detected capacity change from 0 to 1024
[  390.173915][T12136] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  390.222864][T12136] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  390.237742][T12136] EXT4-fs (loop3): orphan cleanup on readonly fs
[  390.261339][T12136] EXT4-fs error (device loop3): ext4_free_blocks:6695: comm syz.3.2363: Freeing blocks not in datazone - block = 0, count = 4096
[  390.308228][T12136] EXT4-fs (loop3): 1 orphan inode deleted
[  390.329961][T12136] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  390.747325][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.139682][T12152] loop6: detected capacity change from 0 to 512
[  391.207369][T12152] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  391.252709][T12152] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  391.262002][T12152] System zones: 1-12
[  391.309026][T12152] EXT4-fs error (device loop6): ext4_iget_extra_inode:5103: inode #15: comm syz.6.2369: corrupted in-inode xattr: e_value size too large
[  391.361045][T12152] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.2369: couldn't read orphan inode 15 (err -117)
[  391.505818][T12152] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  391.599012][T12170] netlink: 'syz.1.2376': attribute type 13 has an invalid length.
[  391.773515][T12170] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  391.810598][ T5960] lo speed is unknown, defaulting to 1000
[  391.824470][ T8428] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  392.008062][T12179] pim6reg: entered allmulticast mode
[  392.050945][T12184] pim6reg: left allmulticast mode
[  392.259834][   T30] kauditd_printk_skb: 19 callbacks suppressed
[  392.259860][   T30] audit: type=1326 audit(1757473007.350:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  392.376338][   T30] audit: type=1326 audit(1757473007.350:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  392.456855][   T30] audit: type=1326 audit(1757473007.420:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  392.485520][   T30] audit: type=1326 audit(1757473007.420:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  392.553642][   T30] audit: type=1326 audit(1757473007.420:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  392.613785][   T30] audit: type=1326 audit(1757473007.420:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  392.655616][   T30] audit: type=1326 audit(1757473007.420:1861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  392.680720][   T30] audit: type=1326 audit(1757473007.420:1862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  392.708178][   T30] audit: type=1326 audit(1757473007.430:1863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  392.825338][   T30] audit: type=1326 audit(1757473007.430:1864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12191 comm="syz.3.2383" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  392.898981][T12213] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  393.190481][T12223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2393'.
[  393.393688][T12229] loop3: detected capacity change from 0 to 164
[  393.479053][T12229] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  393.568841][T12229] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  393.907384][T12241] netlink: 52 bytes leftover after parsing attributes in process `syz.8.2401'.
[  393.995484][T12245] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2404'.
[  394.023883][T12241] loop8: detected capacity change from 0 to 512
[  394.090768][T12241] EXT4-fs error (device loop8): ext4_orphan_get:1392: inode #15: comm syz.8.2401: iget: bad i_size value: 38620345925642
[  394.120231][T12241] EXT4-fs error (device loop8): ext4_orphan_get:1395: comm syz.8.2401: couldn't read orphan inode 15 (err -117)
[  394.162057][T12241] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  394.674033][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.498186][T12296] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2422'.
[  395.537085][T12296] netlink: 348 bytes leftover after parsing attributes in process `syz.3.2422'.
[  395.554983][T12296] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2422'.
[  395.578172][T12296] netlink: 348 bytes leftover after parsing attributes in process `syz.3.2422'.
[  395.588362][T12296] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2422'.
[  395.765183][T12303] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2426'.
[  395.833131][T12306] loop8: detected capacity change from 0 to 16384
[  395.855332][T12303] loop2: detected capacity change from 0 to 512
[  395.898332][T12309] netlink: 52 bytes leftover after parsing attributes in process `syz.6.2429'.
[  395.940793][T12310] loop8: detected capacity change from 16384 to 0
[  395.949503][T12303] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.2426: iget: bad i_size value: 38620345925642
[  395.977668][T12303] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.2426: couldn't read orphan inode 15 (err -117)
[  396.025466][T12303] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  396.247416][T12320] loop6: detected capacity change from 0 to 1024
[  396.282372][T12320] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  396.342855][T12320] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  396.362892][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.380680][T12320] EXT4-fs (loop6): orphan cleanup on readonly fs
[  396.394491][T12320] EXT4-fs error (device loop6): ext4_free_blocks:6695: comm syz.6.2433: Freeing blocks not in datazone - block = 0, count = 4096
[  396.409136][T12320] EXT4-fs (loop6): 1 orphan inode deleted
[  396.417073][T12320] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  396.488449][ T8428] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.828246][T12340] netlink: 'syz.1.2440': attribute type 4 has an invalid length.
[  396.921848][T12344] netlink: 'syz.1.2440': attribute type 4 has an invalid length.
[  396.963883][   T44] lo speed is unknown, defaulting to 1000
[  396.969742][  T914] lo speed is unknown, defaulting to 1000
[  397.175296][T12352] random: crng reseeded on system resumption
[  397.225108][T12356] loop6: detected capacity change from 0 to 512
[  397.259789][T12356] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  397.316405][T12356] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  397.331155][T12356] System zones: 1-12
[  397.349087][T12356] EXT4-fs error (device loop6): ext4_iget_extra_inode:5103: inode #15: comm syz.6.2445: corrupted in-inode xattr: e_value size too large
[  397.384264][T12356] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.2445: couldn't read orphan inode 15 (err -117)
[  397.410538][T12356] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  397.845762][ T8428] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  398.130136][T12382] netlink: 'syz.3.2456': attribute type 2 has an invalid length.
[  398.402470][T12393] __nla_validate_parse: 2 callbacks suppressed
[  398.402496][T12393] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2460'.
[  398.446645][T12394] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2461'.
[  398.491113][T12394] netlink: 348 bytes leftover after parsing attributes in process `syz.0.2461'.
[  398.529662][T12394] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2461'.
[  398.622775][T12396] pim6reg: entered allmulticast mode
[  398.628415][T12394] netlink: 348 bytes leftover after parsing attributes in process `syz.0.2461'.
[  398.688719][T12394] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2461'.
[  398.919918][T12403] batadv2: entered promiscuous mode
[  398.978696][T12400] loop6: detected capacity change from 0 to 8192
[  399.217644][T12409] ref_ctr_offset mismatch. inode: 0x8fa offset: 0x0 ref_ctr_offset(old): 0x8000000 ref_ctr_offset(new): 0x4a000000
[  399.314513][   T30] kauditd_printk_skb: 23 callbacks suppressed
[  399.314537][   T30] audit: type=1326 audit(1757473014.420:1888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.0.2469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  399.412585][   T30] audit: type=1326 audit(1757473014.460:1889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.0.2469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  399.518264][   T30] audit: type=1326 audit(1757473014.460:1890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.0.2469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  399.586847][   T30] audit: type=1326 audit(1757473014.460:1891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12413 comm="syz.0.2469" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  399.614357][T12423] random: crng reseeded on system resumption
[  399.655130][T12421] loop0: detected capacity change from 0 to 1024
[  399.688893][T12421] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  399.735188][T12421] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  399.749313][T12421] EXT4-fs (loop0): orphan cleanup on readonly fs
[  399.779100][T12421] EXT4-fs error (device loop0): ext4_free_blocks:6695: comm syz.0.2471: Freeing blocks not in datazone - block = 0, count = 4096
[  399.881506][T12421] EXT4-fs (loop0): 1 orphan inode deleted
[  399.912282][T12421] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  400.240404][ T5860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  400.400674][T12444] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2480'.
[  401.204657][T12442] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0
[  401.775476][T12492] loop2: detected capacity change from 0 to 512
[  401.846948][T12492] journal_path: Lookup failure for './file0/../file0'
[  401.860863][T12492] EXT4-fs: error: could not find journal device path
[  402.441030][T12513] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2508'.
[  402.480049][T12513] netlink: 348 bytes leftover after parsing attributes in process `syz.2.2508'.
[  402.513495][T12513] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2508'.
[  402.651112][T12523] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  402.850456][T12527] random: crng reseeded on system resumption
[  402.906838][ T5960] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  403.080189][ T5960] usb 4-1: Using ep0 maxpacket: 16
[  403.098760][ T5960] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  403.136823][ T5960] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  403.174373][ T5960] usb 4-1: Product: syz
[  403.192051][ T5960] usb 4-1: Manufacturer: syz
[  403.213462][ T5960] usb 4-1: SerialNumber: syz
[  403.249692][ T5960] r8152-cfgselector 4-1: Unknown version 0x0000
[  403.275324][ T5960] r8152-cfgselector 4-1: config 0 descriptor??
[  403.476749][T12546] loop6: detected capacity change from 0 to 512
[  403.503507][T12546] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  403.807435][T12546] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  403.817664][   T30] audit: type=1326 audit(1757473018.920:1892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12549 comm="syz.0.2521" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f178b98eba9 code=0x0
[  403.839022][T12546] System zones: 1-12
[  404.023792][T12546] EXT4-fs error (device loop6): ext4_iget_extra_inode:5103: inode #15: comm syz.6.2519: corrupted in-inode xattr: e_value size too large
[  404.404539][T12546] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.2519: couldn't read orphan inode 15 (err -117)
[  404.718855][T12546] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  404.915622][ T8428] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.152440][T12572] lo speed is unknown, defaulting to 1000
[  405.211614][T12576] random: crng reseeded on system resumption
[  405.678131][T12590] netlink: 'syz.0.2533': attribute type 2 has an invalid length.
[  405.705115][T12590] __nla_validate_parse: 5 callbacks suppressed
[  405.705137][T12590] netlink: 5356 bytes leftover after parsing attributes in process `syz.0.2533'.
[  405.892475][ T5960] r8152-cfgselector 4-1: Unknown version 0x0000
[  405.899173][ T5960] r8152-cfgselector 4-1: bad CDC descriptors
[  405.939924][ T5960] r8152-cfgselector 4-1: USB disconnect, device number 4
[  406.082940][T12600] loop0: detected capacity change from 0 to 1024
[  406.119469][T12600] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  406.191253][T12605] loop3: detected capacity change from 0 to 1024
[  406.216120][T12605] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  406.247928][   T30] audit: type=1800 audit(1757473021.350:1893): pid=12600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2537" name="bus" dev="loop0" ino=18 res=0 errno=0
[  406.277836][T12605] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  406.311257][T12600] EXT4-fs error (device loop0): mb_free_blocks:2014: group 0, inode 18: block 177:freeing already freed block (bit 11); block bitmap corrupt.
[  406.331383][T12605] EXT4-fs (loop3): orphan cleanup on readonly fs
[  406.338851][T12605] EXT4-fs error (device loop3): ext4_free_blocks:6695: comm syz.3.2538: Freeing blocks not in datazone - block = 0, count = 4096
[  406.370200][T12605] EXT4-fs (loop3): 1 orphan inode deleted
[  406.390123][T12605] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  406.456370][ T5860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  406.456647][T12609] loop2: detected capacity change from 0 to 512
[  406.548678][T12609] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  406.596780][T12609] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  406.610221][T12609] System zones: 1-12
[  406.634813][T12609] EXT4-fs error (device loop2): ext4_iget_extra_inode:5103: inode #15: comm syz.2.2539: corrupted in-inode xattr: e_value size too large
[  406.652433][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  406.753772][T12609] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.2539: couldn't read orphan inode 15 (err -117)
[  406.793771][T12615] loop6: detected capacity change from 0 to 512
[  406.800995][T12609] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  406.964509][T12615] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  407.000092][T12615] ext4 filesystem being mounted at /256/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  407.149278][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  407.281418][T12629] lo speed is unknown, defaulting to 1000
[  407.844651][   T30] audit: type=1326 audit(1757473022.950:1894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12651 comm="syz.3.2554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  407.867136][    C1] vkms_vblank_simulate: vblank timer overrun
[  407.898868][   T30] audit: type=1326 audit(1757473022.950:1895): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12651 comm="syz.3.2554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  407.970554][   T30] audit: type=1326 audit(1757473022.950:1896): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12651 comm="syz.3.2554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  408.053234][   T30] audit: type=1326 audit(1757473022.950:1897): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12651 comm="syz.3.2554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  408.138574][   T30] audit: type=1326 audit(1757473022.950:1898): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12651 comm="syz.3.2554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  408.175230][   T30] audit: type=1326 audit(1757473022.950:1899): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12651 comm="syz.3.2554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=451 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  408.197669][    C1] vkms_vblank_simulate: vblank timer overrun
[  408.228073][   T30] audit: type=1326 audit(1757473022.950:1900): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12651 comm="syz.3.2554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  408.250502][    C1] vkms_vblank_simulate: vblank timer overrun
[  408.274649][   T30] audit: type=1326 audit(1757473022.980:1901): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12651 comm="syz.3.2554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  408.690521][T12666] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2557'.
[  408.699435][T12666] netlink: 348 bytes leftover after parsing attributes in process `syz.8.2557'.
[  408.775012][T12666] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2557'.
[  408.847974][T12666] netlink: 348 bytes leftover after parsing attributes in process `syz.8.2557'.
[  408.860238][T12666] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2557'.
[  409.091115][ T8428] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  409.441657][T12681] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2564'.
[  409.465292][T12681] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2564'.
[  409.747831][T12687] loop8: detected capacity change from 0 to 512
[  409.791775][T12690] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2567'.
[  409.881137][T12687] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  409.952297][T12687] ext4 filesystem being mounted at /311/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  410.164609][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  410.437405][T12703] bond0: (slave dummy0): Releasing backup interface
[  410.502474][T12703] bridge_slave_0: left allmulticast mode
[  410.525663][T12703] bridge_slave_0: left promiscuous mode
[  410.563565][T12703] bridge0: port 1(bridge_slave_0) entered disabled state
[  410.732705][T12703] bridge_slave_1: left allmulticast mode
[  410.738382][T12703] bridge_slave_1: left promiscuous mode
[  410.782434][T12715] random: crng reseeded on system resumption
[  410.799001][T12703] bridge0: port 2(bridge_slave_1) entered disabled state
[  410.905467][T12703] bond0: (slave bond_slave_0): Releasing backup interface
[  410.950770][T12703] bond0: (slave bond_slave_1): Releasing backup interface
[  411.093585][T12703] team0: Port device team_slave_0 removed
[  411.146764][T12703] team0: Port device team_slave_1 removed
[  411.162685][T12703] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  411.199178][T12703] batman_adv: batadv0: Removing interface: batadv_slave_0
[  411.215955][T12724] netlink: 'syz.2.2578': attribute type 4 has an invalid length.
[  411.263609][T12703] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  411.280046][T12703] batman_adv: batadv0: Removing interface: batadv_slave_1
[  411.351134][T12703] team0: Port device geneve0 removed
[  411.611534][T12705] A link change request failed with some changes committed already. Interface veth0_to_hsr may have been left with an inconsistent configuration, please check.
[  411.843748][T12656] warn_alloc: 2 callbacks suppressed
[  411.843773][T12656] syz.3.2555: vmalloc error: size 35651584, failed to allocated page array size 69632, mode:0x400dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  411.899921][T12656] CPU: 1 UID: 0 PID: 12656 Comm: syz.3.2555 Not tainted syzkaller #0 PREEMPT(full) 
[  411.899970][T12656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  411.899991][T12656] Call Trace:
[  411.900002][T12656]  <TASK>
[  411.900016][T12656]  dump_stack_lvl+0x16c/0x1f0
[  411.900079][T12656]  warn_alloc+0x248/0x3a0
[  411.900138][T12656]  ? __pfx_warn_alloc+0x10/0x10
[  411.900214][T12656]  ? hash_netport4_resize+0x1d8/0x1c50
[  411.900259][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.900303][T12656]  ? __vmalloc_node_noprof+0xad/0xf0
[  411.900359][T12656]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  411.900408][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.900466][T12656]  ? hash_netport4_resize+0x1d8/0x1c50
[  411.900525][T12656]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  411.900581][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.900631][T12656]  ? ___kmalloc_large_node+0xed/0x160
[  411.900675][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.900727][T12656]  __kvmalloc_node_noprof+0x30a/0x620
[  411.900781][T12656]  ? hash_netport4_resize+0x1d8/0x1c50
[  411.900826][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.900871][T12656]  ? __kmalloc_noprof+0x242/0x510
[  411.900924][T12656]  ? hash_netport4_resize+0x1d8/0x1c50
[  411.900969][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.901022][T12656]  ? hash_netport4_resize+0x1d8/0x1c50
[  411.901067][T12656]  hash_netport4_resize+0x1d8/0x1c50
[  411.901116][T12656]  ? __pfx_hash_netport4_add+0x10/0x10
[  411.901162][T12656]  ? __pfx_hash_netport4_uadt+0x10/0x10
[  411.901201][T12656]  ? __pfx___mutex_lock+0x10/0x10
[  411.901268][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.901324][T12656]  ? __pfx_hash_netport4_resize+0x10/0x10
[  411.901373][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.901424][T12656]  call_ad.constprop.0+0x36d/0x940
[  411.901471][T12656]  ? __pfx_hash_netport4_resize+0x10/0x10
[  411.901524][T12656]  ? __pfx_call_ad.constprop.0+0x10/0x10
[  411.901569][T12656]  ? __pfx___nla_validate_parse+0x10/0x10
[  411.901624][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.901670][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.901726][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.901769][T12656]  ? __nla_parse+0x40/0x60
[  411.901817][T12656]  ip_set_ad.constprop.0.isra.0+0x3ce/0x870
[  411.901878][T12656]  ? __pfx_ip_set_ad.constprop.0.isra.0+0x10/0x10
[  411.901930][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.901974][T12656]  ? rcu_sync_func+0x10/0x1a0
[  411.902071][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.902115][T12656]  ? find_held_lock+0x2b/0x80
[  411.902164][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.902218][T12656]  nfnetlink_rcv_msg+0x9fc/0x1200
[  411.902283][T12656]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  411.902337][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.902380][T12656]  ? consume_skb+0xcc/0x100
[  411.902462][T12656]  ? __pfx___dev_queue_xmit+0x10/0x10
[  411.902522][T12656]  netlink_rcv_skb+0x158/0x420
[  411.902558][T12656]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  411.902609][T12656]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  411.902645][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.902713][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.902756][T12656]  ? ns_capable+0xd7/0x110
[  411.902807][T12656]  nfnetlink_rcv+0x1b3/0x430
[  411.902852][T12656]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  411.902895][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.902939][T12656]  ? netlink_deliver_tap+0x1ae/0xd30
[  411.903007][T12656]  netlink_unicast+0x5aa/0x870
[  411.903076][T12656]  ? __pfx_netlink_unicast+0x10/0x10
[  411.903137][T12656]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  411.903195][T12656]  ? __lock_acquire+0xb97/0x1ce0
[  411.903267][T12656]  netlink_sendmsg+0x8d1/0xdd0
[  411.903337][T12656]  ? __pfx_netlink_sendmsg+0x10/0x10
[  411.903394][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.903446][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.903489][T12656]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  411.903539][T12656]  ____sys_sendmsg+0xa98/0xc70
[  411.903582][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.903629][T12656]  ? copy_msghdr_from_user+0x10a/0x160
[  411.903687][T12656]  ? __pfx_____sys_sendmsg+0x10/0x10
[  411.903741][T12656]  ? __pfx_futex_wake_mark+0x10/0x10
[  411.903791][T12656]  ___sys_sendmsg+0x134/0x1d0
[  411.903851][T12656]  ? __pfx____sys_sendmsg+0x10/0x10
[  411.903934][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.904015][T12656]  __sys_sendmsg+0x16d/0x220
[  411.904073][T12656]  ? __pfx___sys_sendmsg+0x10/0x10
[  411.904129][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.904173][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.904237][T12656]  ? srso_alias_return_thunk+0x5/0xfbef5
[  411.904293][T12656]  do_syscall_64+0xcd/0x4c0
[  411.904330][T12656]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  411.904367][T12656] RIP: 0033:0x7fdc0cf8eba9
[  411.904395][T12656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  411.904431][T12656] RSP: 002b:00007fdc0ddec038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  411.904465][T12656] RAX: ffffffffffffffda RBX: 00007fdc0d1d5fa0 RCX: 00007fdc0cf8eba9
[  411.904490][T12656] RDX: 00000000000000c4 RSI: 0000200000000280 RDI: 0000000000000003
[  411.904514][T12656] RBP: 00007fdc0d011e19 R08: 0000000000000000 R09: 0000000000000000
[  411.904537][T12656] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  411.904560][T12656] R13: 00007fdc0d1d6038 R14: 00007fdc0d1d5fa0 R15: 00007ffe0636ca08
[  411.904610][T12656]  </TASK>
[  411.906456][T12656] Mem-Info:
[  412.098816][T12735] loop2: detected capacity change from 0 to 1024
[  412.349451][T12656] active_anon:7320 inactive_anon:0 isolated_anon:0
[  412.349451][T12656]  active_file:13449 inactive_file:40008 isolated_file:0
[  412.349451][T12656]  unevictable:768 dirty:176 writeback:0
[  412.349451][T12656]  slab_reclaimable:11582 slab_unreclaimable:124024
[  412.349451][T12656]  mapped:37577 shmem:4481 pagetables:1140
[  412.349451][T12656]  sec_pagetables:0 bounce:0
[  412.349451][T12656]  kernel_misc_reclaimable:0
[  412.349451][T12656]  free:1266725 free_pcp:15236 free_cma:0
[  412.524850][T12656] Node 0 active_anon:30500kB inactive_anon:0kB active_file:53796kB inactive_file:159828kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:150484kB dirty:704kB writeback:0kB shmem:16600kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12140kB pagetables:4216kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  412.556834][T12656] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  412.588312][T12656] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  412.617320][T12656] lowmem_reserve[]: 0 2479 2481 2481 2481
[  412.629210][T12656] Node 0 DMA32 free:1165164kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:31652kB inactive_anon:0kB active_file:53796kB inactive_file:158504kB unevictable:1536kB writepending:704kB present:3129332kB managed:2539468kB mlocked:0kB bounce:0kB free_pcp:34392kB local_pcp:19684kB free_cma:0kB
[  412.669935][T12735] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  412.690856][T12656] lowmem_reserve[]: 0 0 1 1 1
[  412.695693][T12656] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  412.724856][T12656] lowmem_reserve[]: 0 0 0 0 0
[  412.729647][T12656] Node 1 Normal free:3886168kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:24804kB local_pcp:12128kB free_cma:0kB
[  412.762549][T12735] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  412.809592][T12656] lowmem_reserve[]: 0 0 0 0 0
[  412.814408][T12656] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  412.839678][T12656] Node 0 DMA32: 2069*4kB (UE) 1315*8kB (U) 689*16kB (UE) 669*32kB (UM) 80*64kB (UM) 118*128kB (UME) 72*256kB (UM) 27*512kB (UME) 21*1024kB (UME) 7*2048kB (UM) 250*4096kB (M) = 1163548kB
[  412.856269][T12735] EXT4-fs (loop2): orphan cleanup on readonly fs
[  412.866022][T12738] netlink: 14 bytes leftover after parsing attributes in process `syz.6.2582'.
[  412.905449][T12656] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  412.947307][T12735] EXT4-fs error (device loop2): ext4_free_blocks:6695: comm syz.2.2581: Freeing blocks not in datazone - block = 0, count = 4096
[  412.964161][T12738] hsr_slave_0: left promiscuous mode
[  412.970041][T12744] loop8: detected capacity change from 0 to 512
[  412.976476][T12656] Node 1 Normal: 184*4kB (UE) 49*8kB (UME) 39*16kB (UME) 74*32kB (UME) 29*64kB (UME) 10*128kB (UME) 6*256kB (UME) 5*512kB (UME) 2*1024kB (UM) 1*2048kB (E) 945*4096kB (M) = 3886168kB
[  412.981213][T12738] hsr_slave_1: left promiscuous mode
[  412.998230][T12744] EXT4-fs: Ignoring removed bh option
[  413.018805][T12735] EXT4-fs (loop2): 1 orphan inode deleted
[  413.027847][T12735] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  413.030543][T12744] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #15: comm syz.8.2585: corrupted inode contents
[  413.058056][T12656] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  413.131391][T12656] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  413.140560][T12744] EXT4-fs error (device loop8) in ext4_orphan_del:305: Corrupt filesystem
[  413.155107][T12744] EXT4-fs error (device loop8): ext4_do_update_inode:5653: inode #15: comm syz.8.2585: corrupted inode contents
[  413.159782][T12656] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  413.207072][T12656] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  413.237654][T12744] EXT4-fs error (device loop8): ext4_evict_inode:302: inode #15: comm syz.8.2585: mark_inode_dirty error
[  413.440258][T12744] EXT4-fs (loop8): 1 orphan inode deleted
[  413.448636][T12744] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  413.470691][T12656] 60869 total pagecache pages
[  413.493819][T12656] 0 pages in swap cache
[  413.518308][T12656] Free swap  = 124996kB
[  413.533309][T12656] Total swap = 124996kB
[  413.559644][T12656] 2097051 pages RAM
[  413.579573][T12656] 0 pages HighMem/MovableOnly
[  413.592758][T12656] 430222 pages reserved
[  413.626014][T12656] 0 pages cma reserved
[  413.761465][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.972849][ T7245] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  414.257718][T12753] syzkaller0: entered promiscuous mode
[  414.316317][T12753] syzkaller0: entered allmulticast mode
[  415.392135][T12784] loop2: detected capacity change from 0 to 1024
[  415.399715][T12784] EXT4-fs: Ignoring removed orlov option
[  415.405515][T12784] EXT4-fs: Ignoring removed nomblk_io_submit option
[  415.455895][T12784] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  415.589526][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  415.967581][T12799] loop6: detected capacity change from 0 to 512
[  416.008945][T12799] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.2601: iget: bad i_size value: 38620345925642
[  416.026190][T12799] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.2601: couldn't read orphan inode 15 (err -117)
[  416.059518][T12799] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  417.017443][ T8428] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.121376][T12819] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2612'.
[  417.715050][T12839] syz.2.2614 (12839) used greatest stack depth: 19752 bytes left
[  417.940877][T12870] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2616'.
[  417.979500][T12870] netlink: 348 bytes leftover after parsing attributes in process `syz.3.2616'.
[  418.002621][T12870] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2616'.
[  418.028997][T12870] netlink: 348 bytes leftover after parsing attributes in process `syz.3.2616'.
[  418.052861][T12870] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2616'.
[  418.527215][T12883] loop3: detected capacity change from 0 to 512
[  418.594805][T12888] program syz.1.2624 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  418.646931][T12883] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.2622: iget: bad i_size value: 38620345925642
[  418.682463][T12883] EXT4-fs error (device loop3): ext4_orphan_get:1395: comm syz.3.2622: couldn't read orphan inode 15 (err -117)
[  418.737585][T12883] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  418.901132][T12896] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2627'.
[  419.102831][T12901] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2630'.
[  419.168032][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  419.425453][T12908] netlink: 224 bytes leftover after parsing attributes in process `syz.8.2634'.
[  419.466638][T12908] ksmbd: Unknown IPC event: 4, ignore.
[  419.850325][T12913] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2631'.
[  420.580678][T12920] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2635'.
[  421.165362][T12942] netlink: 'syz.0.2644': attribute type 4 has an invalid length.
[  421.226492][T12942] netlink: 'syz.0.2644': attribute type 4 has an invalid length.
[  421.724428][T12934] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0
[  422.148665][T12952] loop6: detected capacity change from 0 to 1024
[  422.189813][T12952] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  422.236063][T12952] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  422.264281][T12959] random: crng reseeded on system resumption
[  422.278222][T12952] EXT4-fs (loop6): orphan cleanup on readonly fs
[  422.288290][T12952] EXT4-fs error (device loop6): ext4_free_blocks:6695: comm syz.6.2649: Freeing blocks not in datazone - block = 0, count = 4096
[  422.314631][T12952] EXT4-fs (loop6): 1 orphan inode deleted
[  422.327115][T12952] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  422.509184][ T8428] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  422.738540][   T30] audit: type=1326 audit(1757473037.840:1902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12970 comm="syz.0.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  422.852708][   T30] audit: type=1326 audit(1757473037.880:1903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12970 comm="syz.0.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  422.918395][   T30] audit: type=1326 audit(1757473037.880:1904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12970 comm="syz.0.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  422.963067][   T30] audit: type=1326 audit(1757473037.880:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12970 comm="syz.0.2657" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f178b98eba9 code=0x7ffc0000
[  424.587339][T13008] loop2: detected capacity change from 0 to 1024
[  424.610178][T13008] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  424.693430][T13019] loop0: detected capacity change from 0 to 512
[  424.694410][T13019] EXT4-fs: Ignoring removed nobh option
[  424.702856][T13008] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  424.724861][T13008] EXT4-fs (loop2): orphan cleanup on readonly fs
[  424.734409][T13008] EXT4-fs error (device loop2): ext4_free_blocks:6695: comm syz.2.2668: Freeing blocks not in datazone - block = 0, count = 4096
[  424.757118][T13008] EXT4-fs (loop2): 1 orphan inode deleted
[  424.766310][T13022] __nla_validate_parse: 9 callbacks suppressed
[  424.766333][T13022] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2674'.
[  424.774442][T13008] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  424.833440][T13019] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #3: comm syz.0.2672: corrupted inode contents
[  424.855786][T13019] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #3: comm syz.0.2672: mark_inode_dirty error
[  424.882725][T13019] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #3: comm syz.0.2672: corrupted inode contents
[  424.965645][T13019] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #3: comm syz.0.2672: mark_inode_dirty error
[  425.052817][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  425.082346][T13019] Quota error (device loop0): write_blk: dquota write failed
[  425.092438][T13019] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  425.135919][T13019] EXT4-fs error (device loop0): ext4_acquire_dquot:6935: comm syz.0.2672: Failed to acquire dquot type 0
[  425.189843][T13019] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.2672: corrupted inode contents
[  425.237816][T13019] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #16: comm syz.0.2672: mark_inode_dirty error
[  425.283304][T13019] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.2672: corrupted inode contents
[  425.301337][T13019] EXT4-fs error (device loop0): __ext4_ext_dirty:206: inode #16: comm syz.0.2672: mark_inode_dirty error
[  425.438484][T13019] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.2672: corrupted inode contents
[  425.717676][T13019] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem
[  425.939824][T13019] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #16: comm syz.0.2672: corrupted inode contents
[  426.021860][T13019] EXT4-fs error (device loop0): ext4_truncate:4666: inode #16: comm syz.0.2672: mark_inode_dirty error
[  426.092313][T13019] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem
[  426.183136][T13019] EXT4-fs (loop0): 1 truncate cleaned up
[  426.193251][T13019] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  426.208487][T13019] ext4 filesystem being mounted at /482/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  426.326520][T13045] tmpfs: Bad value for 'mpol'
[  427.627033][ T5860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  427.687443][   T30] audit: type=1326 audit(1757473042.770:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13050 comm="syz.6.2683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1178eba9 code=0x7ffc0000
[  427.807799][   T30] audit: type=1326 audit(1757473042.770:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13050 comm="syz.6.2683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1178eba9 code=0x7ffc0000
[  427.888747][T13057] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2685'.
[  428.006408][   T30] audit: type=1326 audit(1757473042.790:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13050 comm="syz.6.2683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f0f1178eba9 code=0x7ffc0000
[  428.207905][   T30] audit: type=1326 audit(1757473042.790:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13050 comm="syz.6.2683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1178eba9 code=0x7ffc0000
[  428.305560][T13063] loop0: detected capacity change from 0 to 512
[  428.332827][T13064] netlink: 'syz.6.2688': attribute type 4 has an invalid length.
[  428.395670][T13063] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  428.406444][   T30] audit: type=1326 audit(1757473042.790:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13050 comm="syz.6.2683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1178eba9 code=0x7ffc0000
[  428.503095][T13064] netlink: 'syz.6.2688': attribute type 4 has an invalid length.
[  428.525615][T13063] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  428.558787][   T30] audit: type=1326 audit(1757473042.790:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13050 comm="syz.6.2683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=427 compat=0 ip=0x7f0f1178eba9 code=0x7ffc0000
[  428.590201][T13063] System zones: 1-12
[  428.613374][T13063] EXT4-fs error (device loop0): ext4_iget_extra_inode:5103: inode #15: comm syz.0.2684: corrupted in-inode xattr: e_value size too large
[  428.711711][T13063] EXT4-fs error (device loop0): ext4_orphan_get:1395: comm syz.0.2684: couldn't read orphan inode 15 (err -117)
[  428.744442][   T30] audit: type=1326 audit(1757473042.790:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13050 comm="syz.6.2683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1178eba9 code=0x7ffc0000
[  428.832202][T13063] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  428.854698][   T30] audit: type=1326 audit(1757473042.790:1913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13050 comm="syz.6.2683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1178eba9 code=0x7ffc0000
[  428.877600][   T30] audit: type=1326 audit(1757473042.820:1914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13050 comm="syz.6.2683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f0f1178eba9 code=0x7ffc0000
[  428.918180][   T30] audit: type=1326 audit(1757473042.820:1915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13050 comm="syz.6.2683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1178eba9 code=0x7ffc0000
[  429.010613][   T30] audit: type=1326 audit(1757473042.820:1916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13050 comm="syz.6.2683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0f1178eba9 code=0x7ffc0000
[  429.060137][T13079] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2693'.
[  429.101115][ T5860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  429.353817][T13093] random: crng reseeded on system resumption
[  430.090398][T13117] loop2: detected capacity change from 0 to 1024
[  430.118835][T13124] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2713'.
[  430.129350][T13117] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  430.175860][T13126] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2714'.
[  430.177033][T13117] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  430.205910][T13117] EXT4-fs (loop2): orphan cleanup on readonly fs
[  430.231273][T13117] EXT4-fs error (device loop2): ext4_free_blocks:6695: comm syz.2.2709: Freeing blocks not in datazone - block = 0, count = 4096
[  430.252024][T13117] EXT4-fs (loop2): 1 orphan inode deleted
[  430.260181][T13117] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  430.398131][T13132] random: crng reseeded on system resumption
[  430.433403][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  430.540361][T13142] loop0: detected capacity change from 0 to 1024
[  431.057571][T13150] loop3: detected capacity change from 0 to 1024
[  431.088397][T13150] EXT4-fs: Ignoring removed bh option
[  431.107186][T13150] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  431.166031][T13150] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  431.224851][T13161] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2726'.
[  431.255792][ T5873] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  431.303476][T13161] ip6gre1: entered allmulticast mode
[  431.767960][T13174] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2729'.
[  431.769823][T13175] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2731'.
[  431.784443][T13174] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2729'.
[  431.790312][T13176] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2732'.
[  433.030187][T13190] random: crng reseeded on system resumption
[  433.510153][T13207] loop0: detected capacity change from 0 to 1024
[  434.716611][T13220] netlink: 20 bytes leftover after parsing attributes in process `syz.8.2746'.
[  435.051167][T13223] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2748'.
[  435.061900][T13223] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2748'.
[  435.147372][T13227] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2750'.
[  435.161015][T13228] netlink: 104 bytes leftover after parsing attributes in process `syz.1.2749'.
[  435.319945][T13235] random: crng reseeded on system resumption
[  435.348725][T13237] loop0: detected capacity change from 0 to 512
[  435.365371][T13237] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  435.394677][T13237] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  435.415346][T13237] System zones: 1-12
[  435.426650][T13237] EXT4-fs error (device loop0): ext4_iget_extra_inode:5103: inode #15: comm syz.0.2754: corrupted in-inode xattr: e_value size too large
[  435.444190][T13237] EXT4-fs error (device loop0): ext4_orphan_get:1395: comm syz.0.2754: couldn't read orphan inode 15 (err -117)
[  435.472942][T13237] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  435.553702][ T5860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  435.795565][   T30] audit: type=1326 audit(1757473050.900:1917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13251 comm="syz.3.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  435.913563][   T30] audit: type=1326 audit(1757473050.940:1918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13251 comm="syz.3.2759" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  436.032650][   T30] audit: type=1326 audit(1757473050.940:1919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13251 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  436.070143][   T30] audit: type=1326 audit(1757473050.940:1920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13251 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  436.738505][   T30] audit: type=1326 audit(1757473050.940:1921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13251 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  436.799638][   T30] audit: type=1326 audit(1757473050.940:1922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13251 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  436.857729][   T30] audit: type=1326 audit(1757473050.940:1923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13251 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  436.942503][   T30] audit: type=1326 audit(1757473050.940:1924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13251 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdc0cf8d510 code=0x7ffc0000
[  436.976174][   T30] audit: type=1326 audit(1757473050.940:1925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13251 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fdc0cf903d7 code=0x7ffc0000
[  437.035979][   T30] audit: type=1326 audit(1757473050.940:1926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13251 comm="+}[@" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdc0cf8eba9 code=0x7ffc0000
[  437.074499][T13266] loop2: detected capacity change from 0 to 512
[  437.123282][T13270] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2766'.
[  437.138485][T13266] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.2763: iget: bad i_size value: 38620345925642
[  437.151836][T13270] netlink: 348 bytes leftover after parsing attributes in process `syz.6.2766'.
[  437.151871][T13270] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2766'.
[  437.151896][T13270] netlink: 348 bytes leftover after parsing attributes in process `syz.6.2766'.
[  437.151993][T13270] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2766'.
[  437.213752][T13266] EXT4-fs error (device loop2): ext4_orphan_get:1395: comm syz.2.2763: couldn't read orphan inode 15 (err -117)
[  437.285570][T13266] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  437.301818][T13275] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2767'.
[  437.423845][T13279] random: crng reseeded on system resumption
[  437.523508][T13283] netlink: 'syz.1.2771': attribute type 21 has an invalid length.
[  437.559580][T13283] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2771'.
[  437.596108][ T5862] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  437.719865][T13288] random: crng reseeded on system resumption
[  438.360799][T13301] loop6: detected capacity change from 0 to 128
[  438.430130][T13301] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  438.502659][T13301] ext4 filesystem being mounted at /298/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  438.772363][ T8428] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  438.903493][T13308] netlink: 64 bytes leftover after parsing attributes in process `syz.3.2780'.
[  439.440655][T13322] random: crng reseeded on system resumption
[  440.136638][T13327] loop6: detected capacity change from 0 to 512
[  440.270166][T13327] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.2786: iget: bad i_size value: 38620345925642
[  440.427508][T13327] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.2786: couldn't read orphan inode 15 (err -117)
[  440.546207][T13327] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  442.369746][T13345] __nla_validate_parse: 7 callbacks suppressed
[  442.369772][T13345] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2788'.
[  442.988566][ T8428] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  443.458287][T13287] warn_alloc: 1 callbacks suppressed
[  443.458312][T13287] syz.8.2772: vmalloc error: size 2101248, failed to allocated page array size 4104, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  443.573121][T13287] CPU: 1 UID: 0 PID: 13287 Comm: syz.8.2772 Not tainted syzkaller #0 PREEMPT(full) 
[  443.573168][T13287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  443.573189][T13287] Call Trace:
[  443.573201][T13287]  <TASK>
[  443.573214][T13287]  dump_stack_lvl+0x16c/0x1f0
[  443.573277][T13287]  warn_alloc+0x248/0x3a0
[  443.573336][T13287]  ? __pfx_warn_alloc+0x10/0x10
[  443.573413][T13287]  ? hash_netiface_create+0x3ec/0x1250
[  443.573464][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.573508][T13287]  ? __vmalloc_node_noprof+0xad/0xf0
[  443.573565][T13287]  __vmalloc_node_range_noprof+0x101b/0x14b0
[  443.573637][T13287]  ? hash_netiface_create+0x3ec/0x1250
[  443.573701][T13287]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  443.573769][T13287]  ? hash_netiface_create+0x3ec/0x1250
[  443.573818][T13287]  __vmalloc_node_noprof+0xad/0xf0
[  443.573866][T13287]  ? hash_netiface_create+0x3ec/0x1250
[  443.573923][T13287]  __vmalloc_node_range_noprof+0xb73/0x14b0
[  443.573970][T13287]  ? ip_set_create+0x7e4/0x14d0
[  443.574016][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.574076][T13287]  ? hash_netiface_create+0x3ec/0x1250
[  443.574139][T13287]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  443.574195][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.574238][T13287]  ? ___kmalloc_large_node+0xed/0x160
[  443.574283][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.574335][T13287]  __kvmalloc_node_noprof+0x30a/0x620
[  443.574390][T13287]  ? hash_netiface_create+0x3ec/0x1250
[  443.574444][T13287]  ? hash_netiface_create+0x3ec/0x1250
[  443.574503][T13287]  ? hash_netiface_create+0x3ec/0x1250
[  443.574552][T13287]  hash_netiface_create+0x3ec/0x1250
[  443.574605][T13287]  ? __nla_validate+0xb/0x50
[  443.574653][T13287]  ? __pfx_hash_netiface_create+0x10/0x10
[  443.574707][T13287]  ip_set_create+0x7e4/0x14d0
[  443.574767][T13287]  ? __pfx_ip_set_create+0x10/0x10
[  443.574852][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.574896][T13287]  ? find_held_lock+0x2b/0x80
[  443.574946][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.574999][T13287]  nfnetlink_rcv_msg+0x9fc/0x1200
[  443.575063][T13287]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  443.575118][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.575161][T13287]  ? stack_trace_save+0x8e/0xc0
[  443.575273][T13287]  netlink_rcv_skb+0x158/0x420
[  443.575309][T13287]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  443.575360][T13287]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  443.575392][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.575460][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.575504][T13287]  ? ns_capable+0xd7/0x110
[  443.575553][T13287]  nfnetlink_rcv+0x1b3/0x430
[  443.575598][T13287]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  443.575647][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.575691][T13287]  ? netlink_deliver_tap+0x1ae/0xd30
[  443.575747][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.575790][T13287]  ? is_vmalloc_addr+0x86/0xa0
[  443.575853][T13287]  netlink_unicast+0x5aa/0x870
[  443.575921][T13287]  ? __pfx_netlink_unicast+0x10/0x10
[  443.575982][T13287]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  443.576040][T13287]  ? __lock_acquire+0xb97/0x1ce0
[  443.576112][T13287]  netlink_sendmsg+0x8d1/0xdd0
[  443.576182][T13287]  ? __pfx_netlink_sendmsg+0x10/0x10
[  443.576241][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.576292][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.576336][T13287]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  443.576385][T13287]  ____sys_sendmsg+0xa98/0xc70
[  443.576428][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.576471][T13287]  ? copy_msghdr_from_user+0x10a/0x160
[  443.576545][T13287]  ? __pfx_____sys_sendmsg+0x10/0x10
[  443.576599][T13287]  ? __pfx_futex_wake_mark+0x10/0x10
[  443.576654][T13287]  ___sys_sendmsg+0x134/0x1d0
[  443.576716][T13287]  ? __pfx____sys_sendmsg+0x10/0x10
[  443.576800][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.576882][T13287]  __sys_sendmsg+0x16d/0x220
[  443.576941][T13287]  ? __pfx___sys_sendmsg+0x10/0x10
[  443.576996][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.577040][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.577105][T13287]  ? srso_alias_return_thunk+0x5/0xfbef5
[  443.577162][T13287]  do_syscall_64+0xcd/0x4c0
[  443.577199][T13287]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  443.577236][T13287] RIP: 0033:0x7f5adc78eba9
[  443.577265][T13287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  443.577301][T13287] RSP: 002b:00007f5add5ff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  443.577335][T13287] RAX: ffffffffffffffda RBX: 00007f5adc9d6090 RCX: 00007f5adc78eba9
[  443.577360][T13287] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005
[  443.577383][T13287] RBP: 00007f5adc811e19 R08: 0000000000000000 R09: 0000000000000000
[  443.577406][T13287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  443.577429][T13287] R13: 00007f5adc9d6128 R14: 00007f5adc9d6090 R15: 00007ffe70b7e898
[  443.577479][T13287]  </TASK>
[  443.577491][T13287] Mem-Info:
[  444.151739][T13287] active_anon:8978 inactive_anon:0 isolated_anon:0
[  444.151739][T13287]  active_file:13514 inactive_file:40027 isolated_file:0
[  444.151739][T13287]  unevictable:768 dirty:364 writeback:0
[  444.151739][T13287]  slab_reclaimable:11531 slab_unreclaimable:125465
[  444.151739][T13287]  mapped:37641 shmem:6167 pagetables:1231
[  444.151739][T13287]  sec_pagetables:0 bounce:0
[  444.151739][T13287]  kernel_misc_reclaimable:0
[  444.151739][T13287]  free:1227284 free_pcp:19134 free_cma:0
[  444.217615][T13287] Node 0 active_anon:34612kB inactive_anon:0kB active_file:54056kB inactive_file:159904kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:150564kB dirty:1456kB writeback:0kB shmem:21832kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13260kB pagetables:4876kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  444.339821][T13287] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  444.429990][T13287] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  444.475498][T13287] lowmem_reserve[]: 0 2479 2481 2481 2481
[  444.481598][T13287] Node 0 DMA32 free:1006828kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:28764kB inactive_anon:0kB active_file:54056kB inactive_file:158580kB unevictable:1536kB writepending:1456kB present:3129332kB managed:2539468kB mlocked:0kB bounce:0kB free_pcp:61440kB local_pcp:26404kB free_cma:0kB
[  444.521808][T13360] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2795'.
[  444.569964][T13287] lowmem_reserve[]: 0 0 1 1 1
[  444.574886][T13287] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1324kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  444.611859][T13287] lowmem_reserve[]: 0 0 0 0 0
[  444.617114][T13364] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2798'.
[  444.618986][T13287] Node 1 
[  444.639012][T13364] netlink: 348 bytes leftover after parsing attributes in process `syz.3.2798'.
[  444.645199][T13287] Normal free:3886940kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:24032kB local_pcp:11872kB free_cma:0kB
[  444.678436][T13364] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2798'.
[  444.688367][T13287] lowmem_reserve[]: 0 0 0 0 0
[  444.696658][T13287] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  444.697942][T13363] loop0: detected capacity change from 0 to 1024
[  444.715865][T13287] Node 0 DMA32: 24*4kB (UME) 22*8kB (E) 2*16kB (UE) 0*32kB 3*64kB (UME) 2*128kB (ME) 0*256kB 6*512kB (UME) 15*1024kB (UME) 6*2048kB (UM) 238*4096kB (M) = 1006320kB
[  444.748235][T13363] EXT4-fs: Ignoring removed nobh option
[  444.749992][T13364] netlink: 348 bytes leftover after parsing attributes in process `syz.3.2798'.
[  444.765696][T13363] EXT4-fs: Ignoring removed bh option
[  444.813953][T13364] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2798'.
[  444.839665][T13287] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  444.864429][T13287] Node 1 Normal: 185*4kB (UE) 49*8kB (UME) 39*16kB (UME) 92*32kB (UME) 32*64kB (UME) 10*128kB (UME) 6*256kB (UME) 5*512kB (UME) 2*1024kB (UM) 1*2048kB (E) 945*4096kB (M) = 3886940kB
[  444.878121][T13363] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  444.891688][T13287] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  444.905186][T13287] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  444.914560][T13287] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  444.926050][T13287] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  444.936860][T13287] 58017 total pagecache pages
[  444.941580][T13287] 0 pages in swap cache
[  444.945734][T13287] Free swap  = 124996kB
[  444.950137][T13287] Total swap = 124996kB
[  444.954299][T13287] 2097051 pages RAM
[  444.958111][T13287] 0 pages HighMem/MovableOnly
[  444.962960][T13287] 430222 pages reserved
[  444.967114][T13287] 0 pages cma reserved
[  445.135770][T13363] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4182: comm syz.0.2797: Allocating blocks 385-513 which overlap fs metadata
[  445.232294][T13363] EXT4-fs (loop0): pa ffff88807eafc3a0: logic 16, phys. 129, len 24
[  445.242061][T13363] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:5433: group 0, free 0, pa_free 8
[  445.315955][T13377] random: crng reseeded on system resumption
[  445.459230][ T5860] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  445.530555][T13384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2805'.
[  445.599638][T13384] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2805'.
[  445.761130][T13390] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.2806' sets config #-1
[  445.958860][T13386] syzkaller0: entered promiscuous mode
[  445.979279][T13386] syzkaller0: entered allmulticast mode
[  446.033621][T13395] loop0: detected capacity change from 0 to 512
[  446.082685][T13395] EXT4-fs (loop0): orphan cleanup on readonly fs
[  446.137397][T13395] EXT4-fs warning (device loop0): ext4_xattr_inode_get:555: inode #11: comm syz.0.2810: EA inode hash validation failed
[  446.154565][T13395] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2847: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  446.171015][T13395] ------------[ cut here ]------------
[  446.176795][T13395] EA inode 11 ref_count=-1
[  446.177241][T13395] WARNING: CPU: 0 PID: 13395 at fs/ext4/xattr.c:1047 ext4_xattr_inode_update_ref+0x3d4/0x570
[  446.192219][T13395] Modules linked in:
[  446.196347][T13395] CPU: 0 UID: 0 PID: 13395 Comm: syz.0.2810 Not tainted syzkaller #0 PREEMPT(full) 
[  446.205880][T13395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  446.215999][T13395] RIP: 0010:ext4_xattr_inode_update_ref+0x3d4/0x570
[  446.222701][T13395] Code: df 48 8d 7b 40 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 9b 01 00 00 48 8b 73 40 4c 89 e2 48 c7 c7 20 00 c8 8b e8 bd 7d f0 fe 90 <0f> 0b 90 90 e9 4d fe ff ff e8 de d9 31 ff 44 0f b6 3d 3d 43 0a 0e
[  446.242530][T13395] RSP: 0018:ffffc9000f3df430 EFLAGS: 00010282
[  446.248827][T13395] RAX: 0000000000000000 RBX: ffff888052416238 RCX: ffffc9000b0c9000
[  446.256898][T13395] RDX: 0000000000080000 RSI: ffffffff817a3395 RDI: 0000000000000001
[  446.266251][T13395] RBP: ffffc9000f3df4f0 R08: 0000000000000001 R09: 0000000000000000
[  446.275389][T13395] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffffffffff
[  446.284059][T13395] R13: 1ffff92001e7be89 R14: ffff888052416310 R15: 0000000000000000
[  446.292228][T13395] FS:  00007f178c7976c0(0000) GS:ffff8881246b7000(0000) knlGS:0000000000000000
[  446.301321][T13395] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  446.307926][T13395] CR2: 0000555563072808 CR3: 000000004ca96000 CR4: 0000000000350ef0
[  446.315969][T13395] Call Trace:
[  446.319256][T13395]  <TASK>
[  446.322250][T13395]  ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[  446.328654][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.334351][T13395]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[  446.340661][T13395]  ext4_xattr_inode_dec_ref_all+0x52a/0xed0
[  446.346604][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.352311][T13395]  ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10
[  446.358782][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.365829][T13395]  ? errseq_check+0x4f/0x90
[  446.371549][T13395]  ext4_xattr_delete_inode+0x4ee/0xb80
[  446.377040][T13395]  ? rcu_is_watching+0x12/0xc0
[  446.381906][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.387577][T13395]  ? __pfx_ext4_xattr_delete_inode+0x10/0x10
[  446.393627][T13395]  ? ext4_journal_check_start+0x22b/0x340
[  446.399390][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.405092][T13395]  ? __ext4_journal_start_sb+0x19e/0x690
[  446.410801][T13395]  ? ext4_evict_inode+0x5cf/0x18e0
[  446.415955][T13395]  ext4_evict_inode+0x7d6/0x18e0
[  446.420976][T13395]  ? __pfx_ext4_evict_inode+0x10/0x10
[  446.426385][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.432105][T13395]  ? __pfx_ext4_evict_inode+0x10/0x10
[  446.437514][T13395]  evict+0x3e6/0x920
[  446.441484][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.447152][T13395]  ? __pfx_evict+0x10/0x10
[  446.451655][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.457334][T13395]  iput+0x521/0x880
[  446.461222][T13395]  ? __pfx_ext4_drop_inode+0x10/0x10
[  446.467867][T13395]  ext4_orphan_cleanup+0x731/0x11e0
[  446.474245][T13395]  ? __pfx_ext4_orphan_cleanup+0x10/0x10
[  446.479960][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.485652][T13395]  ? ext4_register_li_request+0xec/0x9b0
[  446.491367][T13395]  ext4_fill_super+0x8a38/0xafa0
[  446.496380][T13395]  ? __pfx_ext4_fill_super+0x10/0x10
[  446.501794][T13395]  ? do_raw_spin_lock+0x12c/0x2b0
[  446.506848][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.512543][T13395]  ? find_held_lock+0x2b/0x80
[  446.517252][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.522948][T13395]  ? set_blocksize+0x406/0x500
[  446.527740][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.533470][T13395]  ? sb_set_blocksize+0x176/0x1d0
[  446.538530][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.544250][T13395]  ? setup_bdev_super+0x369/0x730
[  446.549322][T13395]  get_tree_bdev_flags+0x38c/0x620
[  446.554521][T13395]  ? __pfx_ext4_fill_super+0x10/0x10
[  446.559893][T13395]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  446.566923][T13395]  ? apparmor_capable+0x114/0x1d0
[  446.573091][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.578758][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.584465][T13395]  ? security_capable+0x7e/0x260
[  446.589432][T13395]  vfs_get_tree+0x8e/0x340
[  446.593937][T13395]  path_mount+0x1513/0x2000
[  446.598476][T13395]  ? __pfx_path_mount+0x10/0x10
[  446.603468][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.609130][T13395]  ? kmem_cache_free+0x2d1/0x4d0
[  446.614181][T13395]  ? putname+0x154/0x1a0
[  446.618458][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.624147][T13395]  ? putname+0x154/0x1a0
[  446.628423][T13395]  ? __x64_sys_mount+0x28d/0x310
[  446.633412][T13395]  __x64_sys_mount+0x28d/0x310
[  446.638205][T13395]  ? __pfx___x64_sys_mount+0x10/0x10
[  446.643547][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.649224][T13395]  do_syscall_64+0xcd/0x4c0
[  446.653810][T13395]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  446.659780][T13395] RIP: 0033:0x7f178b99034a
[  446.664209][T13395] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  446.685252][T13395] RSP: 002b:00007f178c796e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  446.694844][T13395] RAX: ffffffffffffffda RBX: 00007f178c796ef0 RCX: 00007f178b99034a
[  446.702877][T13395] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f178c796eb0
[  446.710960][T13395] RBP: 0000200000000180 R08: 00007f178c796ef0 R09: 000000000080078b
[  446.718943][T13395] R10: 000000000080078b R11: 0000000000000246 R12: 00002000000001c0
[  446.726965][T13395] R13: 00007f178c796eb0 R14: 0000000000000473 R15: 0000200000000680
[  446.735004][T13395]  </TASK>
[  446.738029][T13395] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  446.745307][T13395] CPU: 0 UID: 0 PID: 13395 Comm: syz.0.2810 Not tainted syzkaller #0 PREEMPT(full) 
[  446.754685][T13395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[  446.764740][T13395] Call Trace:
[  446.768014][T13395]  <TASK>
[  446.770944][T13395]  dump_stack_lvl+0x3d/0x1f0
[  446.775573][T13395]  vpanic+0x6e8/0x7a0
[  446.779590][T13395]  ? __pfx_vpanic+0x10/0x10
[  446.784136][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.789789][T13395]  ? ext4_xattr_inode_update_ref+0x3d4/0x570
[  446.795802][T13395]  panic+0xca/0xd0
[  446.799547][T13395]  ? __pfx_panic+0x10/0x10
[  446.804008][T13395]  check_panic_on_warn+0xab/0xb0
[  446.808972][T13395]  __warn+0xf6/0x3c0
[  446.812864][T13395]  ? __pfx_vprintk_emit+0x10/0x10
[  446.817912][T13395]  ? ext4_xattr_inode_update_ref+0x3d4/0x570
[  446.823920][T13395]  report_bug+0x3c3/0x580
[  446.828271][T13395]  ? ext4_xattr_inode_update_ref+0x3d4/0x570
[  446.834277][T13395]  handle_bug+0x184/0x210
[  446.838620][T13395]  exc_invalid_op+0x17/0x50
[  446.843144][T13395]  asm_exc_invalid_op+0x1a/0x20
[  446.848001][T13395] RIP: 0010:ext4_xattr_inode_update_ref+0x3d4/0x570
[  446.854615][T13395] Code: df 48 8d 7b 40 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 9b 01 00 00 48 8b 73 40 4c 89 e2 48 c7 c7 20 00 c8 8b e8 bd 7d f0 fe 90 <0f> 0b 90 90 e9 4d fe ff ff e8 de d9 31 ff 44 0f b6 3d 3d 43 0a 0e
[  446.874320][T13395] RSP: 0018:ffffc9000f3df430 EFLAGS: 00010282
[  446.880394][T13395] RAX: 0000000000000000 RBX: ffff888052416238 RCX: ffffc9000b0c9000
[  446.888364][T13395] RDX: 0000000000080000 RSI: ffffffff817a3395 RDI: 0000000000000001
[  446.896333][T13395] RBP: ffffc9000f3df4f0 R08: 0000000000000001 R09: 0000000000000000
[  446.904301][T13395] R10: 0000000000000000 R11: 0000000000000000 R12: ffffffffffffffff
[  446.912269][T13395] R13: 1ffff92001e7be89 R14: ffff888052416310 R15: 0000000000000000
[  446.920257][T13395]  ? __warn_printk+0x1a5/0x350
[  446.925057][T13395]  ? __pfx_ext4_xattr_inode_update_ref+0x10/0x10
[  446.931417][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.937061][T13395]  ? __ext4_journal_ensure_credits+0x25e/0x2f0
[  446.943234][T13395]  ext4_xattr_inode_dec_ref_all+0x52a/0xed0
[  446.949158][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.954807][T13395]  ? __pfx_ext4_xattr_inode_dec_ref_all+0x10/0x10
[  446.961261][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.966906][T13395]  ? errseq_check+0x4f/0x90
[  446.971428][T13395]  ext4_xattr_delete_inode+0x4ee/0xb80
[  446.976898][T13395]  ? rcu_is_watching+0x12/0xc0
[  446.981681][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  446.987328][T13395]  ? __pfx_ext4_xattr_delete_inode+0x10/0x10
[  446.993317][T13395]  ? ext4_journal_check_start+0x22b/0x340
[  446.999048][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.004693][T13395]  ? __ext4_journal_start_sb+0x19e/0x690
[  447.010333][T13395]  ? ext4_evict_inode+0x5cf/0x18e0
[  447.015467][T13395]  ext4_evict_inode+0x7d6/0x18e0
[  447.020433][T13395]  ? __pfx_ext4_evict_inode+0x10/0x10
[  447.025823][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.031477][T13395]  ? __pfx_ext4_evict_inode+0x10/0x10
[  447.036871][T13395]  evict+0x3e6/0x920
[  447.040780][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.046427][T13395]  ? __pfx_evict+0x10/0x10
[  447.050866][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.056536][T13395]  iput+0x521/0x880
[  447.060355][T13395]  ? __pfx_ext4_drop_inode+0x10/0x10
[  447.065653][T13395]  ext4_orphan_cleanup+0x731/0x11e0
[  447.070880][T13395]  ? __pfx_ext4_orphan_cleanup+0x10/0x10
[  447.076538][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.082181][T13395]  ? ext4_register_li_request+0xec/0x9b0
[  447.087846][T13395]  ext4_fill_super+0x8a38/0xafa0
[  447.092837][T13395]  ? __pfx_ext4_fill_super+0x10/0x10
[  447.098139][T13395]  ? do_raw_spin_lock+0x12c/0x2b0
[  447.103168][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.108810][T13395]  ? find_held_lock+0x2b/0x80
[  447.113498][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.119142][T13395]  ? set_blocksize+0x406/0x500
[  447.123933][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.129577][T13395]  ? sb_set_blocksize+0x176/0x1d0
[  447.134619][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.140266][T13395]  ? setup_bdev_super+0x369/0x730
[  447.145313][T13395]  get_tree_bdev_flags+0x38c/0x620
[  447.150444][T13395]  ? __pfx_ext4_fill_super+0x10/0x10
[  447.155750][T13395]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  447.161407][T13395]  ? apparmor_capable+0x114/0x1d0
[  447.166443][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.172083][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.177725][T13395]  ? security_capable+0x7e/0x260
[  447.182672][T13395]  vfs_get_tree+0x8e/0x340
[  447.187107][T13395]  path_mount+0x1513/0x2000
[  447.191626][T13395]  ? __pfx_path_mount+0x10/0x10
[  447.196490][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.202146][T13395]  ? kmem_cache_free+0x2d1/0x4d0
[  447.207106][T13395]  ? putname+0x154/0x1a0
[  447.211362][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.217004][T13395]  ? putname+0x154/0x1a0
[  447.221270][T13395]  ? __x64_sys_mount+0x28d/0x310
[  447.226217][T13395]  __x64_sys_mount+0x28d/0x310
[  447.230993][T13395]  ? __pfx___x64_sys_mount+0x10/0x10
[  447.236284][T13395]  ? srso_alias_return_thunk+0x5/0xfbef5
[  447.241941][T13395]  do_syscall_64+0xcd/0x4c0
[  447.246451][T13395]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.252348][T13395] RIP: 0033:0x7f178b99034a
[  447.256764][T13395] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  447.276377][T13395] RSP: 002b:00007f178c796e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  447.284800][T13395] RAX: ffffffffffffffda RBX: 00007f178c796ef0 RCX: 00007f178b99034a
[  447.292774][T13395] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f178c796eb0
[  447.300743][T13395] RBP: 0000200000000180 R08: 00007f178c796ef0 R09: 000000000080078b
[  447.308714][T13395] R10: 000000000080078b R11: 0000000000000246 R12: 00002000000001c0
[  447.316680][T13395] R13: 00007f178c796eb0 R14: 0000000000000473 R15: 0000200000000680
[  447.324677][T13395]  </TASK>
[  447.327890][T13395] Kernel Offset: disabled
[  447.332207][T13395] Rebooting in 86400 seconds..