last executing test programs:

2m4.632082394s ago: executing program 3 (id=415):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, &(0x7f00000000c0), 0x2d, 0x2, 0x38, 0x2, 0x0, 0x6e})

2m4.472793161s ago: executing program 3 (id=420):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x401, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x4}}, './file1\x00'})

2m4.406184093s ago: executing program 3 (id=421):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xa}, 0x94)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000440)=[{0x20, 0x2, 0x81, 0xfffff034}, {0x20, 0x0, 0x5, 0xfffff010}, {0x6, 0x0, 0x2}]}, 0x10)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x8, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1f0519, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x3}, 0x6025, 0x4005, 0xb, 0x3, 0x2, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48)

2m4.308558728s ago: executing program 3 (id=423):
r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000100)='./file1\x00', 0x201001a, &(0x7f0000000080)=ANY=[], 0x1, 0x740, &(0x7f0000000140)="$eJzs3U9v2/b5APBHjt24LtBf8dtQFFmasmkPCZA6ktw6MHrSZMphK0sGKRcJdhiKJhmCOu3QbMDiHYpeuu1F7NDr3kTfxG57Db3vsnkg9cd/YstZklpF9vkY9fcr8iG/DymVj6lQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAUWuv1+uNWnSz3vat5GTt9by/OWX+eH3fH2qmjBtRK/+LxcV4YzjpjZ/vz369/HU5Lg4fXYzFslmM3Vdef+3Dn83PjZefktCZePho9/NPd3bufjXrRGZkI+1lRT/bbG2kSVb0k7XV1fr1m50i6WTdtLhdDNLNpJ2nrUE/T660ryaNtbWVJF2+3d/ubay3uul44o33mvX6avLR8lbayot+7/pHy0X7ZtbtZr2NKqacXcbcSH7zZf5xNkgGaWszSe7d37m7clqSZVDjSYKapwU1681mo9FsNlY/WPvgRr0+36wvxqEJ9SPi0CJJvT4/ftHGa8PX9kljvRQnz//7aYlypuYOPliMKc9ccuBQCTM3N6r/0Y0serEdtyI59qcd65FHPzZPmD/yfcQfq871dOq4Zf1eHNX/cZV/Y3/2hfLX5fH/SpdOqv8n5HJ2Pw/jUezG5/Fp7MRO3I2vZp7R2f5sRBq9yKKIfmSxGa1qSjKaksRarMZq1OPXcTM6UUQSnciiG2kUcTuKGERavaLakUcarRhEP/JI4kq042ok0Yi1WIuVSCKN5bgd/diOXmzEerSqtdyL+9V+X5mS4ySo8SRBzSlBo2JevvAq84/9QVCvz4/mHVf/b0zq/1+r+vDw3bOoTszE+SOPz407z+/gDc9ob1z/Y2/v33ulWWcEAAAAPG+16t332qWXJo87WTf91YyzAgAAAJ6n6lKmi2WzUPbejFrn3KGAl2aUGAAAAPDc1OLS6F2ApXhr/H7AsKk79wcAAIAXQ3W+f6lslsreW1Gb3AmlPgmam2GCAAAAwDP78/499nfjyD12x7cyLU//y37tm61b79YetMpprQejjwmcO7rGQedC7dXRSqpmdX70qJ1erI3ufjm5CeYPo+beaff6r+X5wrMmsP9Oxtt3hu2dyZxqlKVO1k2X2/3uh41otV6dG6S3Br//4v4fIsrR/9LbfLUW9+7v3F3+7MudO1Uu35Rr+ebBgcsmnjSX38Wbw5g3z8djW7wbtYUyl/po3KXhuPWD2z+3/+yUXn6CMb8dx1xeGrZLh7d/sRyzsXzS1i/Vzo+WH235K5MN/W+2/Ntx8DtX3hk2x2TRnJJFtS+aB/f/kX3xRFnEO6dnsTLOYv/OmIezWHnGLABm5d6kCh2uuwuTe+xXdfdf/3di3ZmYcpQ7m+r+bVwZxly5UB1Y5y8cc0SvH1tX9s4dqbFPX9f/FleHMVfHwSfV2DxfiIjxuI1q3O/KBb47cdyiO94hD34b1+ce7b53v4q9+0WzubJaf79e/6AZC9VmjJoy038uHs305VB7AP6nXa6u/5/2HTvHR5zbL8219+Ptsv3FgbPqsiZNKt7/Ty4pWI7P4svYiTtxrfq0QXXFwbHjLh24DOFaXB4le/xZ69KBb3i5dspZ3TB2/LfLk8QOv14GAF4kl0+pw5P6P/layzLifHxYldDhufu1A+fdi/vn3eN/PzhSy6efHR+s5QDAjyPNf6gtDf5Uy8sHjbW1RmtwM03yfvvjJM/WN9Ik6w3SvH2z1dtIk628P+i3+92y80m2nhZJsb211c8HSaefJ1v9Yvye8uir34t0s9UbZO1iq5u2ijRp93uDVnuQrGdFO9na/mU3K77e29vrzEVSbKXtrJO1W4Os30uK/nbeTpeTpEjTUeDNNE+y9bQ3yDpZ2e0lW3l2PvLbySf97vZmmqynRTvPtgb9vMpmPFbW6/TzzWq1y7Pd1QDwk/Hw0e7nn+7s3P3q+M5inDir6vxj+uLDzqy3EQA4bFqVfuzqMwAAAAAAAAAAAAAAYCZO+fzf03dqR6bMRcSPNdYL19n7+kzGGn/AY3bPzrmfyA5/vPPdgSnJc1zzyxHxNIvXnmqpkzoLEXFKzIwPTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwjP8EAAD//72kP3M=")
readlink(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0)=""/13, 0xd)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
r3 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040), 0x401, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r4, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r4, &(0x7f0000000040)={0x2, 0x6e27, @multicast1}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x300)
r5 = epoll_create(0x8)
epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)={0x1})
fcntl$setsig(r3, 0xa, 0xa)
ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000a00)={'\x00', 0xd6, 0x9, 0x7f, 0x9, 0x7f, <r6=>0xffffffffffffffff})
r7 = syz_clone(0x100, &(0x7f0000000a80)="e76b7e5c94c9ba9b6dfeb04719cbfa7a41ff979b1ec0efc05e545b2c541aef2e90c12311905237065155b6bca353d102612e8affadfc2d115db7174b5474c309c34cb88de4904edfccfeb750ca76f71ebb48a47954416717ba7ae5fd0c648f7fefd17c01bbd546c0fa0afa3cd73c8b9fb89e71f6da9562716db3e5d08719d9a25c9d1e0c68911010a12d888645f909ff54a3e845bc1d21c6e65df70d46de5665d029b9ca7d0348928b8aee75b788efe851", 0xb1, &(0x7f0000000b40), &(0x7f0000000b80), &(0x7f0000000bc0)="63c75bc191bf8aece0c220a8c3c73c63f07939632e4fa35e80ceb189929e885350947775d3b8e9a4cbe804fd65dc927fa8199aab32b3c50971057a294f48dacb68f6af34e98f840d6811f79916831e6ac82188b171c4bb215da3bede2df974fedae9096ecfb8081406a009a5280ea247931edac7bd8cc1b28068ec60d8d1f568eaea1e88b21adf1ca624ff81e0166d67b4d3dbcdcfbbfd4ab19defcf25b843346810896e65fd002a969bc0cf11c2becadc")
fcntl$getownex(r0, 0x10, &(0x7f0000000c80)={0x0, <r8=>0x0})
r9 = getpgid(0xffffffffffffffff)
r10 = getpgid(0x0)
ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000cc0)=<r11=>0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f0000000d00)={0x0, <r12=>0x0})
r13 = syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0)
tkill(r13, 0x13)
r14 = syz_clone3(&(0x7f0000001000)={0x10001000, &(0x7f0000000d80), &(0x7f0000000dc0), &(0x7f0000000e00), {0x3}, &(0x7f0000000e40)=""/179, 0xb3, &(0x7f0000000f00)=""/189, &(0x7f0000000fc0)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff], 0x8, {r1}}, 0x58)
syz_clone3(&(0x7f00000010c0)={0x8000, &(0x7f0000000880), &(0x7f00000008c0), &(0x7f0000000900), {0x9}, &(0x7f0000000940)=""/4, 0x4, &(0x7f0000000980)=""/75, &(0x7f0000001080)=[r6, r7, r8, r9, r10, r11, r12, r13, r14], 0x9, {r1}}, 0x58)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000001c0)={&(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fef000/0x11000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000fec000/0x4000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ff6000/0x1000)=nil, &(0x7f0000fed000/0x3000)=nil, &(0x7f0000ff3000/0x2000)=nil, &(0x7f00000000c0)="bc4ccfacde6284d34db144cf8db3afe578d007e343a6466dd04550fe84c3ca45d713e70e5e90af9378894a7d8e816900758895b79758fd4b5d2e319c3663c2ccebf23c13f90b36bb7f4072b9a10df09c", 0x50}, 0x68)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x63, 0xffffffffffffffff, {0x4}}, './file1\x00'})

2m3.578077889s ago: executing program 3 (id=437):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000340)="0a000300010000", 0x7)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r2}, 0x10)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000640)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x14615, 0xef}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_ICV_LEN={0x5, 0x3, 0x8}]}}}]}, 0x3c}}, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000080b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r4}, 0x10)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@multicast, @random="3f7759dcd4bf", @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x4, 0x1c, 0x66, 0x0, 0x7, 0x2, 0x0, @private=0xa010102, @local}, {0x11, 0xff, 0x0, @empty}}}}}, 0x0)
r6 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r6, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48)
setsockopt$inet6_tcp_TCP_ULP(r5, 0x6, 0x1f, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x40, 0x1401, 0xe05, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x40}, 0x1, 0x0, 0x0, 0x8001}, 0x8004001)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0x200000000000001a, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r7, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x200, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300000}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x40850)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r9 = creat(0x0, 0x0)
ioctl$BLKTRACESETUP(r9, 0xc0481273, &(0x7f0000000540)={'\x00', 0x7e, 0x7527, 0x5c8, 0x7fff, 0x9})
ioctl$BLKTRACETEARDOWN(r9, 0x1276, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)

2m3.478810693s ago: executing program 3 (id=440):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x42, 0x61)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)

2m3.478443643s ago: executing program 32 (id=440):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000000001c000000000000ea04850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000400)='./bus\x00', 0x42, 0x61)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
sendfile(r1, r0, 0x0, 0x3ffff)
sendfile(r1, r0, 0x0, 0x7ffff000)

10.809123495s ago: executing program 1 (id=2570):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r0 = open$dir(0x0, 0x1, 0x0)
r1 = inotify_init1(0x800)
inotify_add_watch(r1, &(0x7f0000000380)='./file0\x00', 0x10000041)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r2, 0x2000009)
sendfile(r0, r2, 0x0, 0x20000000000006)
r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000580)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
tee(r3, r4, 0x1, 0x0)

9.954489721s ago: executing program 1 (id=2581):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0xac, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x7c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x200, 0x3, 0x8, 0xfffffff9, 0x2, 0x2}}, @TCA_NETEM_SLOT={0x2c, 0xc, {0x100000000, 0x3ff, 0x3, 0x2, 0xf, 0xfff}}, @TCA_NETEM_ECN={0x8}]}}}]}, 0xac}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)

9.872709105s ago: executing program 1 (id=2582):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socket$pptp(0x18, 0x1, 0x2)
r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
r3 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r3, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r4 = memfd_create(&(0x7f0000000100)='\vem\xda\x99R@m\xfc\xfe\x9b#*\xff', 0x0)
write(r4, &(0x7f0000000040)="0600", 0x2)
sendfile(r4, r4, &(0x7f0000001000), 0xffff)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x4, 0x28}, 0x50)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r4, 0x0)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000c40)={0x0, 0xfe72})

8.939328315s ago: executing program 1 (id=2602):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000001280)={[{@prjquota}, {@auto_da_alloc}, {@init_itable_val={'init_itable', 0x3d, 0x400}}, {@dax_always}, {@init_itable}, {@dax}]}, 0x1, 0x576, &(0x7f0000000b80)="$eJzs3d9rW1UcAPDvTZv91nUwhopI0Qcnc+na+mOCD/NZhwN9n6HNymi6jCYdax24PbhnGb6IA/FdfPZx+A/4oP/CQAdDRtEHXyo3vcnSNmnTLe2y5vOBO865P3LOybnn7JycpDeAgTWa/pOLeDkivkkijkZEkh0bjuzg6Op5y49uTKVbEisrn/2d1M9L443Xalx3OIu8FBG/fh1xKrcx3eri0myxXC7NZ/Gx2tzVseri0unLc8WZ0kzpysTk5Nl3Jyc+eP+9npX1rQv/fvfpvaEsduxOEufiSBZrLcdTuNkaGY3R7D3Jx7l1J473ILF+krTd+/Ou54PtGcraeT7SPuBoDGWtHtj7voqIFWBAJdtu/7/ndyYnwO5qjAMac/sezYOfGw8/Wp0AbSz/8OpnI3GgPjc6tJysmRml892RHqSfpvHLX3fvpFv07nMIgC3dvBURZ4aHN/Z/Sdb/PbkzXZyzPg39H+yee+n45+12459cc/wTbcY/h9u03SexdfvPPehBMh2l478P245/m4tWI0NZ7IX6mC+fXLpcLqV924sRcTLy+9P4Zus5Z5fvr3Q61jr+S7c0/cZYMMvHg+H9a6+ZLtaKT1PmVg9vRbzSdvybNOs/aVP/6ftxocs0TpTuvtbp2Nbl31krP0a82bb+H69oJZuvT47V74exxl2x0T+3T/zWKf1nXf60/g9tXv6RpHW9ttp69VBXafxw4L9SNNeT11pT/uj+/t+XfF4P78v2XS/WavPjEfuST5r7c439E4+vbcQb56flP/nG5v1fu/v/YER80VXpI24f/+nVTsf6of6n29Z/c3a7rv63H7j/8Zffd0q/u/7vnXroZLanm/6v2ww+zXsHAAAAAAAA/SYXEUciyRWa4VyuUFj9fsfxOJQrV6q1U5cqC1emo/5b2ZHI5xor3Udbvg8xnq0YNuIT6+KTEXEsIr4dOliPF6Yq5elnXXgAAAAAAAAAAAAAAAAAAADoE4c7/P4/9efGP+9+YPdzCOyozR753ebZ/cAesuUj/3vxpCegL23Z/oE9a/vt/4/XdyQjwK7z/z8MLu0fBpf2D4NL+4fBpf3D4NL+AQAAAAAAAAAAAAAAAAAAAAAAAAAAoKcunD+fbivLj25MpfHpa4sLs5Vrp6dL1dnC3MJUYaoyf7UwU6nMlEuFqcrcVq9XrlSujk/EwvWxWqlaG6suLl2cqyxcqV28PFecKV0s5XelVAAAAAAAAAAAAAAAAAAAAPB8qS4uzRbL5dK8gMATBYb7IxsCPQ48654JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB77PwAA///WczQE")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000011c0)={0x2, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x800714, &(0x7f0000000000), 0xff, 0x4a7, &(0x7f0000000280)="$eJzs3M9rHFUcAPDv7OZHfyfWWm1tdbWKxR9Jk1btwYOKggcFQQ/1GJO01mwbaSLYEjQVqUcpeBePgn+BNy+iHkTwquBRCkWD0NRTZHZm2s1mkyZpkm2znw9s9r35se99Z+btvpmXmQDaViX9k0TsiIjfI6Iny85foJK9zc5MDV+fmRpOYm7urb+T2nLXZqaGi0WL9bbnmcOliNJnSbyYLCx34vyFsaFqdfRcnu+fPPNB/8T5C8+cPjN0avTU6NnB48ePHR14/rnBZ9ckzjSua/s/Hj+w77V3Lr8xfOLyuz99m1Zr78Fsfn0ct3S9SUBNVNKt9s9cTeO8x1dQ97vBzrp00tHCirAi5YhId1dnrf33RDlu7ryeePXTllYOWFfpb1P34rOn54BNLIlW1wBojeKHPj3/LV4b1PW4I1x9KaIrT8/OTA3P3oi/I0r59M51LL8SESem//sqfcVKr0MAAKxCrW/zdLP+Xyn21t6zsY5d+RhKb0TcExG7I+LeiNgTEfdF1Ja9PyIeyFae61lm+ZWG/ML+T+lK0zqvkbT/90Jd32+2Lv78rbec53bW4u9MTp6ujh7Jt8nh6OxO8wNLlPH9K799sdi8+v5f+krLL/qCeQWudDRcoBsZmhxaq41w9WLE/o5m8Sc3RgLSI2BfROxf2UfvKhKnn/zmwGIL3Tr+JazBONPc1xFPZPt/OhriLyRLj0/2b4nq6JH+4qhY6OdfL72ZJ7sa591W/Gsg3f/b5h//+ZyL+XvPv0k2XtsZ1erouYmVl3Hpj88XPadZ7fHflbxdG7P+5b1s2kdDk5PnBiK6ktdr+WJD16YP3ly3yBfLp/EfPtS8/e/O10njfzAi0oP4YEQ8FBEP53V/JCIejYhDS8T/48uPvb9E/Ekk0dL9P9L0++/G8d+b1I/XryJRHvvhu/zTtiyMv5i01P4/FtO179pM7fvvFpZbwdvcfAAAAHBXKEXEjkhKfVm6siNKpb6+7H/498S2UnV8YvKpk+Mfnh3J7hHojc5ScaWrp+566EAynX9ilh/MrxUX84/m142/LG+t5fuGx6sjLY4d2t32+e0/ivaf+qvc6toB6879WtC+Gtt/qUX1ADbecn7/nQvA5tSk/W9tRT2Ajef8H9pXs/b/SUNe/x82p4Xt/88mj6wDNiP9f2hf2j+0L+0f2tJy7+LviojuiFj1QwDmJYqbBVa6evFFdWFsy7Lv8L/zEpV1+eTiiRfrWfmtcXNKlO6IjbmBifJYd8tKT1vMxhba5GE1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAd6H/AwAA///g6dxC")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff)
creat(&(0x7f0000000380)='./bus\x00', 0x0)
ioctl$USBDEVFS_GET_SPEED(r0, 0x551f)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x40, 0x0)
mount(0x0, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_DEBUG_SET(r2, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002001100000004000100080004"], 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x8090)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})

8.572421611s ago: executing program 1 (id=2608):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000740)='kfree\x00', r2, 0x0, 0x40008003}, 0x18)
syz_mount_image$ext4(&(0x7f0000000300)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1818e58, &(0x7f00000003c0), 0x2a, 0x63f, &(0x7f0000000d80)="$eJzs3c9rXFsdAPDvvZPkJWl86RMRX1AMuHgP5KVJfVh1Y1sXdlGwYBciLhqapIZOf5CkYGvBBFwoKIi4LdKN/4B76d6dCOrOtVBFKha0dB73zp1mMplfaTIzSe7nA5M599wzOeebOyf33HvnzA2gtOazH2nE+xGvbyQRs03rZqK+cr4o9+Lfj29mjyRqte/+K4mkyGuUT4rnM8XCZET86XLEpyv76918+Oj2crVW95OIc1t37p/bfPjoo/U7y7dWb63eXTr/tY8vLH596eOlpoa+vTPF85Wr3/n8L3/6w6+u/bn6URIX4/r4j1eiJY6jMh/z8boIsTl/LCIuZIk2f5eT5hSEUGqV4v04HhGfjdmo5Et1s7H+i5E2DhioWiWi1l3SqwBwUuneUFaNcUDj2L6/4+DrAx6VDM/zS/UDoP3xjxWnHCbzY6PpF0nTkVH93MbZI6g/q+PV48knrx7PPYk95yFevtk6Y0dQTyfbOxHxuXbxJ3nbzuaRZvGne47104hYjIiJon3fOkQbkqb0IM7DdHOQ+Ju3Qxb/xeI5y7/8lvW3ntYadvwAlNOzS8WOfDtb2t3/ZWOPxvgn2ox/Zg5/SSY36v1f5/FfY38/mY970pZxWDZmudb+V463Zvz951d+3an++vhv7knjkdXfGAsOw/OdiLmW+H+WBVuMf7L4kzbbPyty42J/dXz7L/+80mndqOOvPY34oO3xz+6oNEt1uT55bm29urpY/9m2jj/88Qe/61R/+/jfGUCk7WXbf7pD/E3bP219XfY3ud/+V+60Zvz+2tM7neqf6bn9039MJPXjzYki50c7W1sbSxETydWiSJG/vLW1cb57vPUyL2v581I9/g+/1L7/73n/t0Q11fiX2Yf737v9otO6t3n/N11Mfl3rsw2dZPGv9N7++/p/lverPuv47/cffKHTum7xTx0mMAAAAAAAACihNL8Gm6QLb9JpurBQny/7mZhOq/c2t768du/B3ZWID/PPQ46nkSb5R0Zm68vJ2np1dan4PGxj+XzL8lci4r2I+E1lKl9euHmvujLq4AEAAAAAAAAAAAAAAAAAAOCYOFPM/2/cp/o/lfr8f6Aket9gbt/9H4BTYpA3mASOt7z/d9vFvzu8tgDDZf8P5aX/Q3np/1Be+j+Ul/4P5aX/Q3np/1Be+j8AAAAAnErvffHZ35KI2P7GVP7ITBTrTPqF0238QKUrA2sHMHx6NJTXm0v/BvtQOn2N//9XfDng4JsDjEDSLjMfHNS6d/5nbV+5a+fwbQMAAAAAAAAAAAAA6j54v/P8/4PNDQZOGtP+oLwOMf/fVwfACeer/6G8HOMDPWbxx2SnFb3m/wMAAAAAAAAAAAAAR2YmfyTpQjEXeCbSdGEh4lMRcTbGk7X16upiRLwbEX+tjL+TLS+NutEAAAAAAAAAAAAAAAAAAABwymw+fHR7uVpd3WhO/H9fzulONO6C2rtwrY8yXRPfjAO+KpLh/1mmImLkG2VgibGmnCRiO9vyx6JhG5txPJqRJ0b8jwkAAAAAAAAAAAAAAAAAAEqoae5xe3O/HXKLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGD4du//3yOxMl1/QV+F9yZGHSMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcDJ9EgAA//+YYDw3")
ioctl$HIDIOCGCOLLECTIONINDEX(r0, 0x40184810, &(0x7f0000000000)={0x1, 0x3, 0x4, 0x8, 0x6, 0x8001})
ioctl$BLKROSET(r0, 0x125d, &(0x7f00000003c0)=0x5)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
fcntl$lock(r3, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8})
fcntl$lock(r3, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd})
fcntl$lock(r3, 0x26, &(0x7f0000000280)={0x1, 0x0, 0x2f, 0x9})
fcntl$lock(r3, 0x26, &(0x7f0000000240)={0x1, 0x2, 0x809, 0x34ef})
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x2200002, &(0x7f0000000400)={[{@user_xattr}]}, 0x9, 0x532, &(0x7f0000000fc0)="$eJzs3c9vI1cdAPCvJ4mTbtNmF3qACtgFCguq1t5426jqhe4FhKpKCMQBcdiGxI1C7HWInaoJkUj/BjhwhT+BAxIHpJ44cOOIxAEhlQPSAhFogwSS0YzHqTdxut7GPyD+fKTRzJvnme97SWbezPNkXgBT60ZEHEZEMSLejIilfH0hn+K1zpR+7uHRwdrx0cFaIdrtb/2tkOWn66Jnm9TT+T4XIuKbX4v4XuFs3Obe/tZqrVbdydPlVn273Nzbv7VZX92oblTvVyoryyu3X7nzcmVodb1e/8WDr26+/u1f/+rT7//u8Ms/TIu1mOf11mOYOlWfO4mTmo2I10cRbAJm8nlxwuXgo0ki4mMR8bns+F+KmeyvEwC4zNrtpWgv9aYBgMsuyfrACkkp7wtYjCQplTp9eM/FlaTWaLa6HXuLEXE15pK3NmvV29fm//CDbO1cIU0vZ3lZfpaunErfiYhrEfGT+aeydGmtUVuf0DUPAEy7p0+1//+c77T/A+jzrR4A8H9jYdIFAADGTvsPANNH+w8A02eA9j//sv9w5GUBAMbjCe7/k1GWAwAYH/3/ADB9tP8AMFW+8cYb6dQ+zt9/vf723u5W4+1b69XmVqm+u1Zaa+xslzYajY3snT31x+2v1mhsL78Uu++UW9Vmq9zc279Xb+zeb93L3ut9rzo3lloBAB/m2vX3fl+IiMNXn8qm6BnLQVsNl5vneWB6eYkfTC+jfcH0Gvwe/7cjLQcwOX3vAxb6Lj7qp08QxHNG8D/l5icH7/83xjNcLvr/YXrNfKSt5odeDmD89P/D9Gq3C6fH/C+eZAEAl9IFnvFv/2hYFyHARD3uOeChfP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAl8xiRHw/CkkpHwt8MZKkVIp4JiKuxlzhrc1a9XZEPBvXI2JuPk0vT7rQAMAFJX8p5ON/3Vx6YfF0brHwr2yw/2La+ufrdpbT9X8/WT/fHT6s8sF2FxhXEAAYsndWW62dSj7vuZF/eHSw1p3GWZ4Hd+M/+VDEa8dHB9nUyZmN2Wy+kF1LXPlHIU93xiJ9PiJmhhD/8N2I+ES/+heyvpGr+cinvfEjj/3MWOMnj8RP8musJL92+/gQygLT5r27EfFav+MviRvZvP/xv5CdoS7uwd3OzrrnvuOjg2I3fvf8N9MnfnrM3xg0xku/+fqZle2lTt67Ec/PPhL/5PzTjV84J/4LA8b/46c+8+OvnJPX/lnEzegfvzdWuVXfLjf39m9t1lc3qhvV+5XKyvLK7VfuvFwpZ33U5W5P9Vl/ffXFZ88rW1r/K+fEX+hb/+LJtl8YsP4///eb3/3sh8T/0uf7xU/iub7xO9Jz/xcHjL965ZfnDt+dxl8/p/6P+/2/OGD89/+8vz7gRwGAMWju7W+t1mrVnQstpHehw9jPmYW0iEPdYZ+FYk/h/xSjjfVEC3Oj+qmOfGH25FpxuHv+TrrHMVcnGXotLrTwcFyxJnteAkbvg4N+0iUBAAAAAAAAAAAAAADOM45/XZp0HQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALi8/hsAAP//la3EMg==")
io_setup(0x8, &(0x7f0000000000)=<r4=>0x0)
r5 = eventfd2(0x0, 0x80001)
io_submit(r4, 0x1, &(0x7f0000000600)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}])
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc0189379, 0x0)
io_cancel(r4, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x1, r0, &(0x7f0000000140)="3a38d6e4d24ae3c04edefc8c057b46ad0ff7e0480daf578b905bdf9f7f20f53a84db3d9a4c777c2671a8fdefe34dfd424897abc68e3ecb4c240e29de91b3730787f646d9984e5e6a09a3791380456bf2ee448d84ae7cc04be831186306ad5c3cee2a40fb1137217b0ca61d6134dfd162dff815ec46a4caa8ac95dadfea2cbce70bb87f2361c44bf394fb0a1fc6395b2158ab6f33e06361083a89cc05763874935dee8f27aeb44b599de64d8ff4985ae50c382ed12b0bdde96c08c64acb35581a07eb5f844ccf388e6823286daadd5a01a31650d14bf2229fb3a456216cba4ec37739", 0xe2, 0x2}, &(0x7f0000000340))
r6 = syz_open_dev$mouse(&(0x7f0000000040), 0x3, 0x1)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r6, 0x84, 0x7, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

8.247266485s ago: executing program 1 (id=2618):
socket$inet6(0xa, 0x3, 0x3a)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='sys_enter\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
openat$ppp(0xffffffffffffff9c, 0x0, 0x103100, 0x0)
close(r1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="180000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)

8.218171556s ago: executing program 33 (id=2618):
socket$inet6(0xa, 0x3, 0x3a)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000002c0)='sys_enter\x00', 0xffffffffffffffff, 0x0, 0x3}, 0x18)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
openat$ppp(0xffffffffffffff9c, 0x0, 0x103100, 0x0)
close(r1)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x8, &(0x7f0000000080)=[{0x0}], 0x1, 0x0, 0x0, 0x5}, 0x2004c000)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="180000006800019f00000000000000000a000000000000000800010001000000040004"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0)

6.350311257s ago: executing program 2 (id=2640):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'lo\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000001c00010028bd7000fedbdf25020000", @ANYRES32=r2, @ANYBLOB="37001404080001000010"], 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4000004)

6.27916824s ago: executing program 2 (id=2642):
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000000640)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x200000, &(0x7f0000000300), 0xfc, 0x580, &(0x7f0000000f80)="$eJzs3UtrXFUcAPD/nUzS9KFJoRR1IYEurNROmsRHBRd1KVos6L4OyTSUTDolMylNLNgu7MaNFEHEgujOhXuXxS/gpyhooUgJunATuZM76bSZaV4zmdT5/eC259xzZ/7nzL3nzLmPIQH0rbH0n1zEyxHxdRIx0lSWj6xwbG27lUc3ptMlidXVT/5KIsnWNbZPsv8PZ5mXIuK3LyNO5TbGrS4tzxXL5dJClh+vzV8dry4tn748X5wtzZauTE5NnX1ravLdd97uWFtfv/DPdx/f++DsVydWvv3lwdE7SZyLI1lZczt24WZzZizGss9kMM49teFEB4LtJ0mvK8CODGT9fDDSMWAkBtZzLayO7HX1gC76Iu3WQJ9K9H/oU415QOPcvkPnwc+Nh++vnQBtbH9+7dpIDNfPhg6tJNn1kDXp+e5oB+KnMX798+6ddInOXYcA2NTNWxFxJp/fOP4l2fi3c2e2sM3TMbL4bS5AAZ10L53/vNFq/pNbn/9Ei/nP4RZ9dyfa9P8muQcdCNNWOv97r+X8d/2m1ehAlnuhPucbTC5dLpfSse3FiDgZgwfS/DPu53yWW7m/2q6wef6XLmn8xlwwq8eD/IEnXzNTrBV31egmD29FvNJy/pus7/+kxf5PP48LW4xxvHT31XZlm7d/XVduMa3+GPFay/2fPBH4Gfcnx+vHw3jjqNjo79vHf28Xfxvt74qHP2eJ9u0fTZrv11a3H+OH4X9L7cp2evwPJZ/W00PZuuvFWm1hImIo+Wjj+snHr23kG9unx//JE88e/1od/wfTjr3F9t8+drt50+Httb+70vbPtD/+Bzbu/+0n7n/4+fft4m9t/79ZT53M1mxl/NtqBXf7+QEAAAAAAMB+kouII5HkCuvpXK5QWHu+41gcypUr1dqpS5XFKzNR/63saAzmGne6R5qeh5jInodt5Cefyk9FxNGI+GbgYD1fmK6UZ3rdeAAAAAAAAAAAAAAAAAAAANgnDkcMt/r9f+qPgV7XDui6fK8rAPRM+/6flXTiLz0B+9KOv/+HO1sPYO+Z/0P/0v+hf+n/0L/0f+hf+j/0r+b+P9TDegB7bzvf/z+d72JFAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/hwvnz6bK68ujGdJqfuba0OFe5dnqmVJ0rzC9OF6YrC1cLs5XKbLlUmK7Mb/Z+5Url6sRkLF4fr5WqtfHq0vLF+crildrFy/PF2dLF0uCetAoAAAAAAAAAAAAAAAAAAACeL9Wl5bliuVxakJDYUSK/P6oh0ZwY2v379HpkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDH/gsAAP//3Kw5xQ==")
listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000280)=""/73, 0x49)

6.128116536s ago: executing program 2 (id=2644):
sched_setscheduler(0x0, 0x2, 0x0)
r0 = socket$inet6(0xa, 0x3, 0x5)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x62], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r2, &(0x7f0000009600)=[{{&(0x7f0000000240)={0xa, 0x4e21, 0x2, @private0}, 0x1c, &(0x7f0000000d00)=[{&(0x7f00000002c0)='\n', 0x1}], 0x1}}, {{&(0x7f0000000280)={0xa, 0x4e20, 0x200, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000500)='s', 0x1}], 0x1}}], 0x2, 0x40088d4)
shutdown(r2, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0x13, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000009555ef"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./bus\x00', 0x289c2, 0x1)
fremovexattr(r3, &(0x7f0000000040)=@known='system.posix_acl_default\x00')
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x818010, &(0x7f0000000300)={[{@minixdf}, {@grpjquota}]}, 0x3, 0x738, &(0x7f0000000780)="$eJzs3V9rW2UYAPDnnDambtVWUPEPyMSh4li61snYlduV3gwHA2+30malNl1qk8wl7GK78lZEURBBv4P3itd+AL+Cgn9GvZhXkZN/29qki1vbQPP7wUne55wTnvddxvtA30PeAMbWsewljXgxIi4mETOd80lE5FqtyYhz7fu27txcyo4kms1LfyWte7I47vtM5mhE3IqIFyLi51zEiXRn3kq9sbZYKhU3O/FcdX1jrlJvnFxdX1wprhSvnT19euH0mXfOnt27sb71wYfPF7qdnP/thyTOxXQnvH8ce6mdLpf9Ez7gvf1INkLJqDvAI5mMiInO+3MxExOtFgBwmDXzEU0AYMwk6j8AjJnu3wG6a3v7tQ42yB/nI2KqX/7JzprZVGsd8shW8sDKRBIRswfZUQ6lW7cj4srssZ3//5Ida7b/16m96CD76qds/jnXb/5Je/NP9Jl/prrPTjymwfPfvfwTA+a/i0PmeP/lWnlg/tsRLyWTffInvfzJgPxXhsz/493lfwdda34f8fr2+jMRDzxRkOz6fMjc1dVS8VT7tX+OY7WbH+02/iN961/SeoZlt/FvDDn+6c9f/eXWLvnffG337z+J+PN8Z42+K6uJnw2Z/9Pcu18OupblX+6O/9vj9115+Pf/3ZD5z7zycWPIWwEAAAAAAAAAAAAAAAAAAAAAAAAAAOBQSCNiOpK00GunaaHQ3sP72TiSlsqV6omr5dq15WjtlT0bubT7U8sz7TjJ4vnO7/F344VWe6sXvx0Rz0TEF/knW3FhqVxaHvXgAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDj6Lb9///Jt/f/BwAOualRdwAAOHDqPwCMH/UfAMaP+g8A40f9B4Dxo/4DwPh5hPqf349+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA2Ll64kB3NrTs3l7J4+Xq9tla+fnK5WFkrrNeWCkvlzY3CSrm8UioWlsrr2z+fbItL5fLGwkLUbsxVi5XqXKXeuLxerl2rXl5dX1wpXi7mDmxkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADC86daRpIWISFvtNC0UIp6KiNnIJVdXS8VTEfF0RPyaz+WzeH7UnQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPVapN9YWS6XipoaGhkavMeqZCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7evU2/R90TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABil9PckIrLjjZnj09uvPpHczbfeI+KTby59dWOxWt2cz87/3Ttf/bpzfmEU/QcAHqZbp7t1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6qdQba4ulUnGzUk8i4m6zrX2md+nxGqMeIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe+e/AAAA//829Mx2")
connect$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
sendmmsg(r1, &(0x7f00000092c0), 0x4ff, 0x0)

5.488671764s ago: executing program 2 (id=2651):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$PIO_UNIMAP(r0, 0x4b67, &(0x7f0000000180)={0x3, &(0x7f0000000100)=[{0x1936, 0x5}, {0x99b, 0xd}, {0x5, 0x9c}]})
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0xc2f00, 0x4d, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000002060104db406e3e0004000200000000100003006269746d61703a706f72740005000400000000000900020073797a32000000000500050000006c00050001000600000024000780080008400000137906000440fffff0000600054000000000080006"], 0x6c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='mm_page_free\x00', r1}, 0x18)
r3 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r3, 0xfffffffffffffffd, 0xfffffffffffffffc, 0x0)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, r3)
kexec_load(0x0, 0x1, &(0x7f0000000140)=[{0x0, 0x3e00, 0x116094000, 0x41000000}], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x7, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x2c}, @initr0, @exit]}, &(0x7f0000000000)='GPL\x00', 0x4}, 0x94)
socket(0x21, 0x1, 0x1)

2.441793875s ago: executing program 0 (id=2704):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x8000}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
getdents64(0xffffffffffffffff, 0x0, 0x0)

2.247705123s ago: executing program 0 (id=2705):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000010000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000400000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r1, 0x0, 0xd20}, 0x18)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff)
socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000000200)=0x1000000, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f00000000c0)=0x10089, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a30000000002c000000030a01010000000000000000020000000900010073797a30000000000900030073797a32000000003a000000030a03000000000000000000020000000900010073797a30000000000900030073797a32"], 0xa0}}, 0x8040)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0185879, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x3, &(0x7f0000006680))
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x818018, &(0x7f0000000300)={[{@minixdf}, {@grpjquota}]}, 0x1, 0x749, &(0x7f00000008c0)="$eJzs3U1vW8UaAOD3nMbXuWnuTa50QXxIKAhEEVWdJrSquqIsEGwqIlVim0aJE4U4dYjt0kRdpCu2CIFAYgP/gQ0rEGt+AH8BJAQlLMrK6PgjTRO7MWkaV/HzSMd+Z845emfsaEbxWJ4ABtZE9pBGPBsRM0nEWKs+iYhcIxqKuNK8bvvu7fnsSKJev/Zb0rgmK8euezKnI2IrIp6JiB9yEWfT/XkrG5src6VScb1Vnqyurk1WNjbPLa/OLRWXijcuX7gwfeHSxcuXj66vr7373tOFi2+NfjuzOHtm6udvkrgSo61zu/txeCP7apqvSS57CR/w9qMne6Ik/W4AhzIUEadaz0/FWJxqRADASVbPR9QBgAGTmP8BYMC0Pwdor+0dzTpY7359MyKGO+Ufaq2ZDTfWIUe2kxjatciUhePH2VBOpK07EXF9fGL/31+yb832nzp/FA3ksfo+G3+udBp/0p3xJ9rjz677htvfnXhE3ce/+/lPdcifjX8zPeZ45/lauWv+OxHPDXXKn+zkT7rkv95j/u/uLfzV7Vz964hXOs4/yQO5un8/ZHJxuVQ833zsnGOidvv9h/V/pEv+rQP6v9Zj/0c/efHHrYfkf/Wlh7//nfJnc+LHPeb/KPfGZ93OZfkXuvT/oPf/qx7zX3rhg80eLwUAAAAAAAAAAAAAAAAAAAAAAAAAAIATIY2I0UjSwk6cpoVCcw/v/8dIWipXqmcXy7UbC9HYK3s8cmn7p5bHmuUkK0+1fo+/XZ5uxNs75dcj4n8R8Wn+341yYb5cWuh35wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5fSe/f//zDf3/wcATrjhfjcAADh25n8AGDzmfwAYPOZ/ABg8B8//fxxLOwCA4+P/fwAYPIeY//OPox0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIyZq1ezo7599/Z8Vl64uVFbKd88t1CsrBRWa/OF+fL6WmGpXF4qFQvz5dW99yd7yqVyeW16Omq3JqvFSnWysrE5u1qu3ajOLq/OLRVni7lj6xkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9G60cSRpISLSRpymhULEfyJiPHLJ4nKpeD4i/hsRP+Vz+aw81e9GAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMARq2xsrsyVSsX1/gYRE+OHvj19UnohEJyYoN8jEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABy/+5t+97slAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANBP6S9JRGTHmbGXR/ee/VdyL994jogPv7z2+a25anV9Kqv/fae++kWrfrof7QcADtKep9vzOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB0UtnYXJkrlYrrzeBevel+zREE/e4jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABH5+8AAAD///St0sU=")
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r5 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24}, 0x24}, 0x1, 0x0, 0x0, 0x800}, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='kfree\x00', r6}, 0x18)
getsockname$inet6(r5, &(0x7f0000000380)={0xa, 0x0, 0x0, @private0}, &(0x7f00000003c0)=0x1c)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}}, 0x24}}, 0x20004000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x9}, {}, {0x1, 0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x14, 0x2, [@TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x4}, @TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}]}]}}]}, 0x44}}, 0x1)
sendmmsg(0xffffffffffffffff, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.007721197s ago: executing program 0 (id=2732):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {&(0x7f0000001480)}], 0x3)
ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000000800000000000000000000000000000002"])
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000005c0)=0x98)

674.693531ms ago: executing program 4 (id=2740):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xf, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8b, 0x0, 0x0, 0x0, 0x200b}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x86}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0x9, 0x1001, &(0x7f0000000780)=""/4097, 0x40f00, 0x2f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)

628.913213ms ago: executing program 6 (id=2741):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x18, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8b, 0x0, 0x0, 0x0, 0x200b}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x86}}, {}, [@jmp={0x5, 0x1, 0xb, 0xa, 0x0, 0x6}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0x9, 0x1001, &(0x7f0000000780)=""/4097, 0x40f00, 0x2f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)

628.304763ms ago: executing program 4 (id=2742):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x50, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x20044000}, 0x8042)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x2c, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

598.045874ms ago: executing program 6 (id=2743):
r0 = gettid()
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x12000, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x25, 0x0, 0x3, 0xfffffffe}]})
r3 = epoll_create1(0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4800}, 0x4051)
preadv2(r1, &(0x7f0000000480)=[{&(0x7f00000000c0)=""/71, 0x47}, {0x0}, {&(0x7f00000001c0)=""/38, 0x26}], 0x3, 0x0, 0x81, 0x1)
epoll_pwait(r3, &(0x7f00000002c0)=[{}], 0x4e, 0x7, 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0)
read(r4, &(0x7f0000000200)=""/209, 0xd1)
r5 = openat(0xffffffffffffff9c, &(0x7f00000005c0)='./bus\x00', 0x101042, 0x0)
pwrite64(r5, 0x0, 0x0, 0x9000)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000180)={0x335, @tick=0xe, 0x42, {}, 0x2})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r4, 0xc08c5334, &(0x7f0000000300)={0x8009, 0x100000d, 0x1, 'queue0\x00', 0x16})
tkill(r0, 0x7)

580.190605ms ago: executing program 4 (id=2744):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000400)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f00000003c0)={0xa, 0xfffe, 0x3000001, @mcast2, 0x6}, 0x1c)
write(r0, &(0x7f00000000c0)="8f2a0a65bd8c002b0304000e0580a7b6070d63e286a5cefe", 0x5ac)

512.601468ms ago: executing program 4 (id=2746):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008000000060000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001240)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000480)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xe, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000080)='kfree\x00', r1, 0x0, 0xfffffffffffff001}, 0x18)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
connect$inet6(r2, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r2, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r2, 0x11a, 0x2, &(0x7f00000000c0)=@gcm_256={{0x303, 0x36}, "f1ff5ef2fe010017", "9e8ecc7bb5352776725e1047711330ff2bb17b5508000000000000009bc400", "c9063700", "46b0dc72b7b1d30e"}, 0x38)

504.998628ms ago: executing program 0 (id=2747):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x0, 0x7ffc0001}]})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@loopback={0xff00000000000000, 0x777fe6a4b23f}, 0x0, 0x0, 0x3, 0x9, 0xa, 0x20, 0x5}, 0x20)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000007c0)='./file2\x00', 0x0, &(0x7f0000000780)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x8}}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrKpupOkcdvgQ1UQfSqoFZ+ENSaTEDLJLMmk3YTFpvgqCCJa8EWffBH8AwTpi+8iFOq7qChSs/qg0PbKnbnTTWZnkhRncpfk94Oz9557Zu73ncnOybkzN/cGcGE9GRHTETEWEc9ExFSxPS1K7HdK/rh7B3eX8pJElr30dhJJsa27r8vF8lrxtImI+MZXI76bPBh3e3dvfbHRqG8V9ZnWRvJOlu3dWNtYXK2v1jfn5+eeW3h+4ebC7FD6WY2IF77815/88JdfeeG3n33lT7f+Pv29PK3/Ztmr0dOPYep0vdJ+LbrGI2JrFMFKMt7uYcfNknMBAOB4+Xz/wxHxyfb8fyrG2rM5AAAA4DzJvjAZ7yQRGQAAAHBupRExGUlaK873nSzOWL0WER+Nq2mjud36zEpzZ3M5b4uoRiVdWWvUZ2Oife5ANSpJXp8rzrHt1p/tqc9HxKMR8eOpK+16banZWC77ww8AAAC4IK71HP//eypNa7Wicb/k5AAAAIDhqZadAAAAADByjv8BAADg/Ktmfe7Q9aB09JkAAAAAI/C1F1/MS9a9//Xyy7s7682XbyzXt9drGztLtaXm1u3aarO52r5m38ZJ+2s0m7c/F5s7d2Za9e3WzPbu3q2N5s5m69bakVtgAwAAAGfo0U+88cckIvY/f6VdcpeKtkpENnb4weNlZAiMygc6p+cvo8sDOHuHf79fKTEP4OyZ0sPFVSk7AaB0J/0B0MCTd34//FwAAIDRuP6xwd//v71SamrAiBXf/yenugAIcK6MlZ0AUJrO93/vZR1lZwOcpcpxMwAHBXDupcP5/v+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSVbWGvXZiPhQRLw1Vbmc1+faz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3s8HLiX/mWovI+KVn7300zuLrdbWXL79n+9vb71ebH+2jE8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNO9g7tL97Isyw7uLp1l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjh56XRMTYEOLvvxYRj/WLn+RpRbXI4kj8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK0+/uavZwbGfy3i8fH+4083fpLvr0/8p07Zx+98c29vUFv2i4jr/ca/5GismdbG7Znt3b0baxuLq/XV+ub8/NxzC88v3FyYnVlZa9SLf/vG+NHHf/Pe/dq7D/T/6jHjb7v/A17/p0/Z/3ffvHPwkc5qz08mKvHzLJt+qv/P/7F88en+8fP/E58qfg/k7flrmL7+rb7xn/jVH54YlFve/+UB/Z/o6f/lnv5Pn7L/z3z9+38+5UMBgDOwvbu3vtho1LesHF6J6kORxsO7ks87S08jiSTylbeONC2Wn1hn5dXiPbbY6L7bhrTn3xUHR6NMvqTxCAAAGJ37k/7elqSchAAAAAAAAAAAAAAAAAAAAOACOvEyYIOa0oi4v+XbPzjmamS9MffL6SoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLH+FwAA//8tudaU")
bpf$PROG_LOAD(0x5, &(0x7f0000000bc0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x7, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r1 = syz_open_procfs(0x0, &(0x7f0000000180)='ns\x00')
r2 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000001380)=@raw={'raw\x00', 0x4001, 0x3, 0x320, 0x0, 0x0, 0x148, 0x0, 0x148, 0x288, 0x240, 0x240, 0x288, 0x240, 0x7fffffe, 0x0, {[{{@ip={@private=0xa010102, @local, 0x0, 0x0, 'ip6gretap0\x00', 'nicvf0\x00', {}, {}, 0x88, 0x3, 0x10}, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'wg1\x00', {0x0, 0x7fff, 0x1ff, 0x100000, 0x0, 0xed, 0x7}}}, @common=@unspec=@connmark={{0x30}, {0x80000000, 0x8}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 0x85d, 0xf, [0x10, 0x32, 0x1e, 0x32, 0x2b, 0x25, 0x3f, 0x17, 0x19, 0x22, 0x2c, 0x3d, 0x7, 0x29, 0x1e, 0x29], 0x0, 0x2, 0x2}}}, {{@ip={@rand_addr=0x64010101, @local, 0xff, 0x0, 'wg0\x00', 'lo\x00', {0xff}, {}, 0x2e, 0x3, 0x4}, 0x0, 0xc8, 0x130, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[0x4e24, 0x4e21], [0x4e23, 0x4e20], 0x2, 0xc2, 0x2, 0x2}}, @inet=@rpfilter={{0x28}, {0x8}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0xfff, 0x7e, 0x1c, 'netbios-ns\x00', 'syz0\x00', {0x3}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x380)
r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x20000007d, 0x0)
ioctl$MON_IOCH_MFLUSH(r2, 0x9208, 0x51cf)
dup3(r2, r4, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r7 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
sync()
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001240)={0x38, r8, 0xc4fc9e906872338b, 0x0, 0x0, {{0x5}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0xfffffffa}}}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x38}}, 0x0)
syz_mount_image$vfat(&(0x7f0000001800), &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8, &(0x7f0000000800)=ANY=[@ANYRESDEC=r3, @ANYRES16=0x0, @ANYRESOCT=r4, @ANYRES8, @ANYRES8=r2, @ANYRESHEX=r7, @ANYRES16=r1], 0x4, 0x276, &(0x7f0000000880)="$eJzs281OE1EYxvGHDwVBmCqKgjG+0Y1uJlCvoCGQGJtokBo/EpNBptp0aEmnwdQYYefW6yAu3ZkYb4CNV+DCHRuXLIxjmFZooURd0An0/9vM25w+zZm+Z5qz6Nl69H65mA/dvFdVb4+pX1rXtpRSr/pU19O49sb1aTVb162x7LerDx4/uZvJZmfnzeYyC7fTZjZ67fOrNx+uf6kOP/w4+mlAm6lnWz/S3zfHNye2fi28LIRWCK1Urppni+Vy1VsMfFsqhEXX7H7ge6FvhVLoV1rG80F5ZaVmXmlpZGil4oeheaWaFf2aVctWrdTMe+EVSua6ro0MCX+T25if9zJJzwJHq1LJeDOSJg+M5DYSmRAAAEjUSd//93f4+zxeDt//D3R+MjgiO/v/p43ntxX7fwAAAAAAAAAAAAAAAAAAAAAAjoPtKHKiKHL+XE9J8QmfqPH6jKQhScOSzkoakTQqyZGUknRO0nlJY5IuSLooaVzSJUmXJU00fVbS94qDDut/H/3vCjz/3Y3+d7emg7uD0vK71dxqrn6tj2fyKiiQryk5+hn3sqFez93Jzk5ZLKUry2uN/Npqrq81Py1nZ8G0y0/X89aaH4jX3W4+LWdngbXLp9vmB3XzRlPelaOvz1VWoKV4Te7l306bzdzL7stPxu876Vzb1bZ/rnvYeD3/D+sjmmrbn35Ncjg7cWHtddELAr9CQUFBsVsk/cuETthretIzAQAAAAAAAAAAAAAAAAD8j078nTDpewQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYL/fAQAA///9eWAW")
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x275a, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000e789501661fb8ca6dbbfae7760709c3d"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r10}, 0x18)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r11=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=ANY=[@ANYBLOB="5800000010000304000300"/20, @ANYRES32=0x0, @ANYBLOB="00000000010000002800128009000100766c616e00000000180002800c0002001e0000001f00000006000100fc0f000008000500", @ANYRES32=r11, @ANYBLOB="851fb1b2d0c1e634f208000a00150c667a48259e2b1d47c33025a29cda74c3544b0f96cfc5fb67e1bb41b6598358ff1e88dfa6116a11d82be09811660400cdc2feec36caf342b71992681e21000000006f82989ba3fd2933fb654224b49b302cc83f32918ddc25f461db02f3d0180fdc11820a700f3198f0bce70c808b9bb7", @ANYRES32=r11, @ANYBLOB], 0x58}}, 0x8000)
ftruncate(r9, 0x81ff)
pwrite64(0xffffffffffffffff, &(0x7f0000000140)='2', 0x155c2, 0x8000c64)
getdents64(r1, &(0x7f0000001f40)=""/4123, 0x101b)

503.157338ms ago: executing program 5 (id=2748):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kmem_cache_free\x00', r1, 0x0, 0x8000}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)})
getdents64(0xffffffffffffffff, 0x0, 0x0)

487.428019ms ago: executing program 5 (id=2749):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000640)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x200000, &(0x7f0000000300), 0xfc, 0x580, &(0x7f0000000f80)="$eJzs3UtrXFUcAPD/nUzS9KFJoRR1IYEurNROmsRHBRd1KVos6L4OyTSUTDolMylNLNgu7MaNFEHEgujOhXuXxS/gpyhooUgJunATuZM76bSZaV4zmdT5/eC259xzZ/7nzL3nzLmPIQH0rbH0n1zEyxHxdRIx0lSWj6xwbG27lUc3ptMlidXVT/5KIsnWNbZPsv8PZ5mXIuK3LyNO5TbGrS4tzxXL5dJClh+vzV8dry4tn748X5wtzZauTE5NnX1ravLdd97uWFtfv/DPdx/f++DsVydWvv3lwdE7SZyLI1lZczt24WZzZizGss9kMM49teFEB4LtJ0mvK8CODGT9fDDSMWAkBtZzLayO7HX1gC76Iu3WQJ9K9H/oU415QOPcvkPnwc+Nh++vnQBtbH9+7dpIDNfPhg6tJNn1kDXp+e5oB+KnMX798+6ddInOXYcA2NTNWxFxJp/fOP4l2fi3c2e2sM3TMbL4bS5AAZ10L53/vNFq/pNbn/9Ei/nP4RZ9dyfa9P8muQcdCNNWOv97r+X8d/2m1ehAlnuhPucbTC5dLpfSse3FiDgZgwfS/DPu53yWW7m/2q6wef6XLmn8xlwwq8eD/IEnXzNTrBV31egmD29FvNJy/pus7/+kxf5PP48LW4xxvHT31XZlm7d/XVduMa3+GPFay/2fPBH4Gfcnx+vHw3jjqNjo79vHf28Xfxvt74qHP2eJ9u0fTZrv11a3H+OH4X9L7cp2evwPJZ/W00PZuuvFWm1hImIo+Wjj+snHr23kG9unx//JE88e/1od/wfTjr3F9t8+drt50+Httb+70vbPtD/+Bzbu/+0n7n/4+fft4m9t/79ZT53M1mxl/NtqBXf7+QEAAAAAAMB+kouII5HkCuvpXK5QWHu+41gcypUr1dqpS5XFKzNR/63saAzmGne6R5qeh5jInodt5Cefyk9FxNGI+GbgYD1fmK6UZ3rdeAAAAAAAAAAAAAAAAAAAANgnDkcMt/r9f+qPgV7XDui6fK8rAPRM+/6flXTiLz0B+9KOv/+HO1sPYO+Z/0P/0v+hf+n/0L/0f+hf+j/0r+b+P9TDegB7bzvf/z+d72JFAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/hwvnz6bK68ujGdJqfuba0OFe5dnqmVJ0rzC9OF6YrC1cLs5XKbLlUmK7Mb/Z+5Url6sRkLF4fr5WqtfHq0vLF+crildrFy/PF2dLF0uCetAoAAAAAAAAAAAAAAAAAAACeL9Wl5bliuVxakJDYUSK/P6oh0ZwY2v379HpkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDH/gsAAP//3Kw5xQ==")
listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000280)=""/73, 0x49)

372.647694ms ago: executing program 4 (id=2750):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socket$pptp(0x18, 0x1, 0x2)
r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
r3 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r3, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
write(0xffffffffffffffff, &(0x7f0000000040)="0600", 0x2)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000001000), 0xffff)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, 0xffffffffffffffff, 0x0)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000c40)={0x0, 0xfe72})

370.426104ms ago: executing program 6 (id=2751):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000500)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}}, 0x24}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)

364.883605ms ago: executing program 4 (id=2752):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x10050, &(0x7f0000000140)={[{@jqfmt_vfsv1}, {@mblk_io_submit}, {@barrier}, {@nodiscard}, {@nogrpid}, {@max_batch_time={'max_batch_time', 0x3d, 0xffffffff}}]}, 0x0, 0x55a, &(0x7f0000001400)="$eJzs3dFrJHcdAPDvTLJ3ubvUbNWHWrQWW7kreptL47XBh1pBfCsoFZ+EMySbELLJHsmmvSyHTfFVEES04Is++SL4BwjSF99FKNR3UVGk3umDQtuR2Z3N5fZ2k5TbzZzJ5wOTmd/8duf7/e0yv/3NzmQ2gDPr6Yi4EhETEfFcRMwU69Niir3ulD/u7p3bS/mURJa9+l4SSbGut63zxfxS8bSpiE8Pi7u9215fbDTqW0V5trWRvJ9l7atrG4ur9dX65vz83AsLLy5cX7j24JNf/ujtrEbES1/7609++Muvv/TbL77+pxt/v/K9PP//Ztkb0deOUUo6fyv5a7FvMiK2xhGsJJOdFnZdLzkXAAAOl4/3Px4Rn+uM/2diojOaAwAAAE6T7CvT8X4SkQEAAACnVhoR05GkteJ63+niitVLEfHJuJg2mtutL6w0dzaX87qIalTSlbVG/VpMda4dqEYlyctzxTW2vfLzfeX5iHg8In48c6FTri01G8tlf/kBAAAAZ8SlvuP/f8+kaa1WVO6VnBwAAAAwOtWyEwAAAADGzvE/AAAAnH7VLDnOw9LxZwIAAACMwTdeeSWfst7vXy+/truz3nzt6nJ9e722sbNUW2pu3aytNpurnXv2bRy1vUazefNLsblza7ZV327Nbu+2b2w0dzZbN9bu+wlsAAAA4AQ9/tm3/5hExN6XL3Sm3LmirhKRTRx88GQZGQLj8pGu6fnL+PIATt7Bz/cLJeYBnDxDeji7KmUnAJTuqH8AGnrxzu9HnwsAADAelz+1f/5//1Rg7/z/eyvl5QWMX7HTJ4cf/7vzB5xGE2UnAJSme/7vw6yr7GyAk1Q5bARwrLsCAv/P0tGc/z/iUsJEhwIAACWb7kxJWiuOA6YjTWu1iMc6PwtYSVbWGvVrEfGxiHh3pnI+L891npkYzQMAAAAAAAAAAAAAAAAAAAAAAADAMWVZEhkAAABwqkWkf+v9MtflmWen+78fOJf8Z6Yzj4jXf/bqT28ttlpbc/n6f+6vb71VrH++jG8wAAAAgH694/TecTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjNLdO7eX7mZZlt25vXSScf/x1YioFvGLqVszGVOd+VRUIuLiv5KYPPC8JCImRhB/782IeGJQ/CRPK6pFFvfFPxeRRsSFUcWP/vhbh8ePbvxLsTeCDODsejvvf14etP9PxdPFPAbsf5PF9LCG93/pfv83MaT/e2zYRiv3F59859ezQ+O/GfHk5OD+rxc/ybc3IP4zx2zjd7/Vbg+ry34RcfmB/q8IcCDWbGvj5uz2bvvq2sbian21vjk/P/fCwosL1xeuza6sNerF34ExfvSZ33x4r/TBA+2/OCh+0f922j/k9X/2mO3/4J1bdz7RXex7Z6ISP8+yK88Mfv+fyGeTD8bvffZ9vvgcyMv5a5i+9e2B8Z/61R+eGpZb3v7lIe2f6mv/+b72Xzlm+5/75vf/fMyHAgAnYHu3vb7YaNS3LBxciOojkcaju5CPO0tPI4kk8oV376taLD+x7sIbxT622OjtbQ+1wd7wu73+u+LgaJzJl9AXAQAA43Vv0N9fk5STEAAAAAAAAAAAAAAAAAAAAJxBR94GbFhVGhH31nznB4fcjaw/prvWAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACPov8FAAD//w5a0qg=")
syz_emit_ethernet(0x4e, &(0x7f0000000100)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4df30c", 0x18, 0x6, 0xff, @empty, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x6, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x4}]}}}}}}}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x103, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x11c167, 0x0, 0xfffffffa, 0xb95b5ec032cc8e84}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000180), &(0x7f00000001c0)=r0}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={0x0, r2}, 0x18)
r3 = open(&(0x7f0000000000)='./file1\x00', 0x143142, 0x80)
ftruncate(r3, 0x2007ffb)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r4}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r5 = socket$igmp6(0xa, 0x3, 0x2)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r6=>0x0})
ioctl$sock_inet6_SIOCADDRT(r5, 0x890b, &(0x7f00000005c0)={@empty, @remote, @remote, 0x6, 0x2, 0x0, 0x0, 0xb7, 0x2000213, r6})
socket$netlink(0x10, 0x3, 0x0)
r7 = socket$inet6(0xa, 0x2, 0x0)
sendmsg$inet(r7, &(0x7f0000000340)={&(0x7f0000000100)={0x2, 0x4e22, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000000000000000000007"], 0x20}, 0x400c000)

303.489127ms ago: executing program 5 (id=2753):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x50, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x20044000}, 0x8042)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x2c, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)

243.10444ms ago: executing program 6 (id=2754):
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
r0 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r1 = inotify_init1(0x800)
inotify_add_watch(r1, &(0x7f0000000380)='./file0\x00', 0x10000041)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r2, 0x2000009)
sendfile(r0, r2, 0x0, 0x20000000000006)
r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
tee(r3, r4, 0x1, 0x0)

238.01805ms ago: executing program 5 (id=2755):
mknod$loop(&(0x7f0000000080)='./file0\x00', 0x100000000000600d, 0x1)
creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f8b)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x11, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x18)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r3=>0x0})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="020000000400000008000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r4, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000004000000e27f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r6}, 0x10)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r7}, 0x18)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r3, @ANYBLOB="00000000000000001c001a800800028008000200080000003e120000080002001040e5"], 0x44}}, 0x0)
timerfd_create(0x0, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x4000000000001f2, 0x0)

215.371271ms ago: executing program 0 (id=2756):
r0 = socket(0x2a, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x20040845}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newtfilter={0x90, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x58, 0x2, [@TCA_FLOWER_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffff8, 0xfff, 0x0, 0x1fe, 0xa}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0x13, 0x6}}]}, 0x90}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000000)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x600)

154.028024ms ago: executing program 0 (id=2757):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
writev(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}, {0x0}, {&(0x7f0000001480)}], 0x3)
ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0x40305839, &(0x7f0000000000)=ANY=[@ANYBLOB="00000000000800000000000000000000000000000002"])
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000005c0)=0x98)

93.263856ms ago: executing program 6 (id=2758):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x19, &(0x7f00000005c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8b, 0x0, 0x0, 0x0, 0x200b}, {{}, {}, {}, {0x85, 0x0, 0x0, 0x86}}, {}, [@jmp={0x5, 0x1, 0xb, 0xa, 0x0, 0x6}, @jmp={0x5, 0x0, 0x7, 0x0, 0x0, 0xfffffffffffffff4, 0xfffffffffffffffc}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x2a}}}, &(0x7f0000000080)='GPL\x00', 0x9, 0x1001, &(0x7f0000000780)=""/4097, 0x40f00, 0x2f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)

92.774586ms ago: executing program 5 (id=2759):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000ff00000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x18, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000f00)='kfree\x00', r4, 0x0, 0x34}, 0x18)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x100, 0x3, 0x6361, 0x5, 0xfffffffd, 0x40000006}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000001}, 0x20000804)

51.434978ms ago: executing program 2 (id=2694):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="190000"], 0x48)
r0 = io_uring_setup(0x4d3f, &(0x7f0000000d80)={0x0, 0xca6a, 0x40, 0x2003, 0x2f8})
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
io_uring_register$IORING_REGISTER_RESTRICTIONS(r0, 0xb, &(0x7f0000000480), 0x66)

36.428629ms ago: executing program 6 (id=2760):
r0 = gettid()
openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x12000, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2})
ioctl$TUNATTACHFILTER(r2, 0x401054d5, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x25, 0x0, 0x3, 0xfffffffe}]})
r3 = epoll_create1(0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(0xffffffffffffffff, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4800}, 0x4051)
preadv2(r1, &(0x7f0000000480)=[{&(0x7f00000000c0)=""/71, 0x47}, {0x0}, {&(0x7f00000001c0)=""/38, 0x26}], 0x3, 0x0, 0x81, 0x1)
epoll_pwait(r3, &(0x7f00000002c0)=[{}], 0x4e, 0x7, 0x0, 0x0)
r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000840), 0x0)
read(r4, &(0x7f0000000200)=""/209, 0xd1)
r5 = openat(0xffffffffffffff9c, &(0x7f00000005c0)='./bus\x00', 0x101042, 0x0)
pwrite64(r5, 0x0, 0x0, 0x9000)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f0000000180)={0x335, @tick=0xe, 0x42, {}, 0x2})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r4, 0xc08c5334, &(0x7f0000000300)={0x8009, 0x100000d, 0x1, 'queue0\x00', 0x16})
tkill(r0, 0x7)

704.44µs ago: executing program 2 (id=2761):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="0600000004000000fd0f000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000004000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f9ffffffb703000000080000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
socket$pptp(0x18, 0x1, 0x2)
r2 = syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000bc0000/0x400000)=nil, 0x400000, 0x9)
r3 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
write$selinux_attr(r3, &(0x7f0000000100)='system_u:object_r:hugetlbfs_t:s0\x00', 0x1d)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
write(0xffffffffffffffff, &(0x7f0000000040)="0600", 0x2)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000001000), 0xffff)
mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, 0xffffffffffffffff, 0x0)
ioctl$MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000c40)={0x0, 0xfe72})

0s ago: executing program 5 (id=2762):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800"/14, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000640)='ext4\x00', &(0x7f0000000200)='./file2\x00', 0x200000, &(0x7f0000000300), 0xfc, 0x580, &(0x7f0000000f80)="$eJzs3UtrXFUcAPD/nUzS9KFJoRR1IYEurNROmsRHBRd1KVos6L4OyTSUTDolMylNLNgu7MaNFEHEgujOhXuXxS/gpyhooUgJunATuZM76bSZaV4zmdT5/eC259xzZ/7nzL3nzLmPIQH0rbH0n1zEyxHxdRIx0lSWj6xwbG27lUc3ptMlidXVT/5KIsnWNbZPsv8PZ5mXIuK3LyNO5TbGrS4tzxXL5dJClh+vzV8dry4tn748X5wtzZauTE5NnX1ravLdd97uWFtfv/DPdx/f++DsVydWvv3lwdE7SZyLI1lZczt24WZzZizGss9kMM49teFEB4LtJ0mvK8CODGT9fDDSMWAkBtZzLayO7HX1gC76Iu3WQJ9K9H/oU415QOPcvkPnwc+Nh++vnQBtbH9+7dpIDNfPhg6tJNn1kDXp+e5oB+KnMX798+6ddInOXYcA2NTNWxFxJp/fOP4l2fi3c2e2sM3TMbL4bS5AAZ10L53/vNFq/pNbn/9Ei/nP4RZ9dyfa9P8muQcdCNNWOv97r+X8d/2m1ehAlnuhPucbTC5dLpfSse3FiDgZgwfS/DPu53yWW7m/2q6wef6XLmn8xlwwq8eD/IEnXzNTrBV31egmD29FvNJy/pus7/+kxf5PP48LW4xxvHT31XZlm7d/XVduMa3+GPFay/2fPBH4Gfcnx+vHw3jjqNjo79vHf28Xfxvt74qHP2eJ9u0fTZrv11a3H+OH4X9L7cp2evwPJZ/W00PZuuvFWm1hImIo+Wjj+snHr23kG9unx//JE88e/1od/wfTjr3F9t8+drt50+Httb+70vbPtD/+Bzbu/+0n7n/4+fft4m9t/79ZT53M1mxl/NtqBXf7+QEAAAAAAMB+kouII5HkCuvpXK5QWHu+41gcypUr1dqpS5XFKzNR/63saAzmGne6R5qeh5jInodt5Cefyk9FxNGI+GbgYD1fmK6UZ3rdeAAAAAAAAAAAAAAAAAAAANgnDkcMt/r9f+qPgV7XDui6fK8rAPRM+/6flXTiLz0B+9KOv/+HO1sPYO+Z/0P/0v+hf+n/0L/0f+hf+j/0r+b+P9TDegB7bzvf/z+d72JFAAAAAAAAAAAAAAAAAAAAAAAAAAAA4P/hwvnz6bK68ujGdJqfuba0OFe5dnqmVJ0rzC9OF6YrC1cLs5XKbLlUmK7Mb/Z+5Url6sRkLF4fr5WqtfHq0vLF+crildrFy/PF2dLF0uCetAoAAAAAAAAAAAAAAAAAAACeL9Wl5bliuVxakJDYUSK/P6oh0ZwY2v379HpkAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDH/gsAAP//3Kw5xQ==")
listxattr(&(0x7f0000000080)='./file1\x00', &(0x7f0000000280)=""/73, 0x49)

kernel console output (not intermixed with test programs):

r:sysadm_t pid=9629 comm="syz.2.1960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  152.121090][   T29] audit: type=1326 audit(1765090699.049:25415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9629 comm="syz.2.1960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  152.179399][ T9647] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1966'.
[  152.203876][ T9649] loop4: detected capacity change from 0 to 1024
[  152.210643][ T9649] EXT4-fs: Ignoring removed orlov option
[  152.219482][ T9649] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.244377][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.273675][ T9654] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1969'.
[  152.283321][ T9654] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1969'.
[  152.332138][ T9662] lo speed is unknown, defaulting to 1000
[  152.378304][ T9671] loop2: detected capacity change from 0 to 512
[  152.390497][ T9671] EXT4-fs: dax option not supported
[  152.462659][ T9681] loop2: detected capacity change from 0 to 1024
[  152.469834][ T9681] EXT4-fs: Ignoring removed orlov option
[  152.480401][ T9681] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.514737][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.670696][ T9712] loop1: detected capacity change from 0 to 1024
[  152.677489][ T9712] EXT4-fs: Ignoring removed orlov option
[  152.685565][ T9712] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.715700][ T3330] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.743828][ T9721] lo speed is unknown, defaulting to 1000
[  152.768663][ T9725] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.791405][ T9730] loop1: detected capacity change from 0 to 512
[  152.805980][ T9725] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  152.810804][ T9730] EXT4-fs: dax option not supported
[  152.865690][ T9740] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  152.894720][ T9740] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.030381][ T9744] loop1: detected capacity change from 0 to 1024
[  153.037611][ T9744] EXT4-fs: Ignoring removed orlov option
[  153.048310][ T9744] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.175143][ T3330] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.453486][ T9764] tipc: Enabling of bearer <udp:s> rejected, already enabled
[  153.531023][ T9770] EXT4-fs: Ignoring removed orlov option
[  153.549728][ T9770] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.557729][ T9773] IPVS: set_ctl: invalid protocol: 50 255.255.255.255:20003
[  153.637139][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  153.728518][ T9789] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.744080][ T9789] ext4 filesystem being mounted at /420/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.805974][ T9803] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.814529][ T9803] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  153.825444][ T9805] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  153.834127][ T9805] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.084680][ T9811] EXT4-fs: Ignoring removed orlov option
[  154.092352][ T9811] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.212838][ T3330] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.296143][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.556544][ T9840] set_capacity_and_notify: 3 callbacks suppressed
[  154.556590][ T9840] loop0: detected capacity change from 0 to 1024
[  154.574568][ T9825] Set syz1 is full, maxelem 65536 reached
[  154.594888][ T9840] EXT4-fs: Ignoring removed orlov option
[  154.605554][ T9840] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  154.660996][ T9851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  154.671446][ T9851] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  154.734939][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.160368][ T9871] Set syz1 is full, maxelem 65536 reached
[  155.242354][ T9891] loop1: detected capacity change from 0 to 1024
[  155.249754][ T9891] EXT4-fs: Ignoring removed orlov option
[  155.258263][ T9891] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.350212][ T9902] __nla_validate_parse: 2 callbacks suppressed
[  155.350226][ T9902] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2071'.
[  155.395800][ T3330] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.458457][ T9919] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2079'.
[  155.497705][ T9929] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2083'.
[  155.521659][ T9931] loop1: detected capacity change from 0 to 1024
[  155.528692][ T9931] EXT4-fs: Ignoring removed orlov option
[  155.536921][ T9931] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.633303][ T3330] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.657151][ T9935] loop1: detected capacity change from 0 to 1024
[  155.664108][ T9935] EXT4-fs: Ignoring removed orlov option
[  155.672535][ T9935] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.690155][   T29] kauditd_printk_skb: 47 callbacks suppressed
[  155.690172][   T29] audit: type=1326 audit(1765090702.639:25463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.0.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  155.720755][   T29] audit: type=1326 audit(1765090702.639:25464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.0.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  155.744832][   T29] audit: type=1326 audit(1765090702.639:25465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.0.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  155.768662][   T29] audit: type=1326 audit(1765090702.639:25466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.0.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  155.792544][   T29] audit: type=1326 audit(1765090702.639:25467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.0.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  155.816158][   T29] audit: type=1326 audit(1765090702.639:25468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.0.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  155.839682][   T29] audit: type=1326 audit(1765090702.639:25469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.0.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  155.863331][   T29] audit: type=1326 audit(1765090702.639:25470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.0.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  155.887305][   T29] audit: type=1326 audit(1765090702.639:25471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.0.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  155.911074][   T29] audit: type=1326 audit(1765090702.649:25472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9937 comm="syz.0.2086" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  156.182889][ T9955] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2094'.
[  156.400424][ T9972] loop2: detected capacity change from 0 to 1024
[  156.463326][ T9972] EXT4-fs: Ignoring removed orlov option
[  156.506241][ T9972] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  156.570268][ T3330] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.676407][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  156.811590][ T9956] loop0: detected capacity change from 0 to 2048
[  156.826143][ T9997] loop5: detected capacity change from 0 to 512
[  156.833498][ T9956] EXT4-fs error (device loop0): ext4_ext_check_inode:523: inode #2: comm syz.0.2094: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 260(4), depth 0(0)
[  156.851620][ T9956] EXT4-fs (loop0): get root inode failed
[  156.857526][ T9956] EXT4-fs (loop0): mount failed
[  156.863224][ T9997] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  156.871646][ T9997] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  156.880281][ T9997] System zones: 0-1, 15-15, 18-18, 34-34
[  156.886260][ T9997] EXT4-fs (loop5): orphan cleanup on readonly fs
[  156.892945][ T9997] EXT4-fs warning (device loop5): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  156.907762][ T9997] EXT4-fs (loop5): Cannot turn on quotas: error -22
[  156.915161][ T9997] EXT4-fs (loop5): 1 truncate cleaned up
[  156.921354][ T9997] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  157.103401][ T5146] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.341759][ T9954] syz.0.2094 invoked oom-killer: gfp_mask=0x408d40(GFP_NOFS|__GFP_ZERO|__GFP_NOFAIL|__GFP_ACCOUNT), order=0, oom_score_adj=1000
[  157.355199][ T9954] CPU: 1 UID: 0 PID: 9954 Comm: syz.0.2094 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  157.355225][ T9954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  157.355236][ T9954] Call Trace:
[  157.355243][ T9954]  <TASK>
[  157.355251][ T9954]  __dump_stack+0x1d/0x30
[  157.355276][ T9954]  dump_stack_lvl+0xe8/0x140
[  157.355344][ T9954]  dump_stack+0x15/0x1b
[  157.355373][ T9954]  dump_header+0x81/0x240
[  157.355421][ T9954]  oom_kill_process+0x295/0x350
[  157.355448][ T9954]  out_of_memory+0x97b/0xb80
[  157.355475][ T9954]  try_charge_memcg+0x610/0xa10
[  157.355592][ T9954]  obj_cgroup_charge_pages+0xa6/0x150
[  157.355624][ T9954]  obj_cgroup_charge_account+0x73/0x1a0
[  157.355655][ T9954]  __memcg_slab_post_alloc_hook+0x397/0x530
[  157.355792][ T9954]  kmem_cache_alloc_noprof+0x2c5/0x4b0
[  157.355813][ T9954]  ? alloc_buffer_head+0x35/0x1f0
[  157.355834][ T9954]  alloc_buffer_head+0x35/0x1f0
[  157.355853][ T9954]  folio_alloc_buffers+0x14a/0x310
[  157.355899][ T9954]  create_empty_buffers+0x2c/0x200
[  157.355927][ T9954]  __block_write_begin_int+0x1d4/0xf90
[  157.355955][ T9954]  ? __queue_delayed_work+0x165/0x1e0
[  157.356089][ T9954]  ? queue_delayed_work_on+0xff/0x170
[  157.356115][ T9954]  ? __pfx_ext4_da_get_block_prep+0x10/0x10
[  157.356142][ T9954]  ? _raw_spin_unlock_irq+0x26/0x50
[  157.356178][ T9954]  ? wb_wakeup_delayed+0x9b/0xb0
[  157.356230][ T9954]  ? _raw_spin_unlock+0x26/0x50
[  157.356312][ T9954]  ? __pfx_ext4_da_get_block_prep+0x10/0x10
[  157.356347][ T9954]  block_page_mkwrite+0x1a8/0x3d0
[  157.356378][ T9954]  ext4_page_mkwrite+0x859/0xb90
[  157.356455][ T9954]  ? folio_unlock+0xd9/0x120
[  157.356479][ T9954]  handle_mm_fault+0x1601/0x2c60
[  157.356514][ T9954]  ? mt_find+0x21b/0x330
[  157.356547][ T9954]  do_user_addr_fault+0x3fe/0x1080
[  157.356574][ T9954]  exc_page_fault+0x62/0xa0
[  157.356598][ T9954]  asm_exc_page_fault+0x26/0x30
[  157.356685][ T9954] RIP: 0033:0x7fb649e3f11a
[  157.356705][ T9954] Code: 01 4c 89 44 24 10 4c 89 54 24 08 e8 a0 9d fe ff 48 8b 43 38 4c 8b 44 24 10 83 43 28 08 4c 8b 54 24 08 48 8d 48 f8 48 89 4b 38 <48> 89 68 f8 45 3b 78 04 0f 82 5e fe ff ff e9 ed fe ff ff 0f 1f 00
[  157.356721][ T9954] RSP: 002b:00007fffdbbb0d40 EFLAGS: 00010212
[  157.356737][ T9954] RAX: 0000001b34223de8 RBX: 00007fb64ace5720 RCX: 0000001b34223de0
[  157.356750][ T9954] RDX: 0000001b33e24220 RSI: 0000000000000008 RDI: 00007fb64ace5720
[  157.356765][ T9954] RBP: ffffffff8453142f R08: 00007fb64a1b6038 R09: 00007fb64a1a2000
[  157.356852][ T9954] R10: 00007fb6499cf008 R11: 000000000000000e R12: 000000000000000e
[  157.356864][ T9954] R13: 0000000000000001 R14: ffffffff84531d45 R15: 0000000000000001
[  157.356876][ T9954]  ? __x64_sys_sendmsg+0x25/0x160
[  157.356896][ T9954]  ? __copy_msghdr+0x25f/0x300
[  157.356920][ T9954]  </TASK>
[  157.356928][ T9954] memory: usage 307200kB, limit 307200kB, failcnt 1065
[  157.446702][T10021] loop5: detected capacity change from 0 to 1024
[  157.447944][ T9954] memory+swap: usage 307412kB, limit 9007199254740988kB, failcnt 0
[  157.454095][T10021] EXT4-fs: Ignoring removed orlov option
[  157.458250][ T9954] kmem: usage 303944kB, limit 9007199254740988kB, failcnt 0
[  157.466462][T10021] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  157.469293][ T9954] Memory cgroup stats for /syz0:
[  157.683078][ T9954] cache 4096
[  157.691475][ T9954] rss 3325952
[  157.694771][ T9954] shmem 0
[  157.697795][ T9954] mapped_file 0
[  157.701370][ T9954] dirty 0
[  157.704380][ T9954] writeback 0
[  157.707713][ T9954] workingset_refault_anon 1441
[  157.712489][ T9954] workingset_refault_file 1074
[  157.717424][ T9954] swap 217088
[  157.720704][ T9954] swapcached 0
[  157.724060][ T9954] pgpgin 86907
[  157.727651][ T9954] pgpgout 86093
[  157.731320][ T9954] pgfault 106233
[  157.734876][ T9954] pgmajfault 292
[  157.738503][ T9954] inactive_anon 0
[  157.742253][ T9954] active_anon 0
[  157.745805][ T9954] inactive_file 3334144
[  157.749968][ T9954] active_file 0
[  157.753530][ T9954] unevictable 0
[  157.757122][ T9954] hierarchical_memory_limit 314572800
[  157.762504][ T9954] hierarchical_memsw_limit 9223372036854771712
[  157.768807][ T9954] total_cache 4096
[  157.772592][ T9954] total_rss 3325952
[  157.776499][ T9954] total_shmem 0
[  157.780045][ T9954] total_mapped_file 0
[  157.784169][ T9954] total_dirty 0
[  157.787764][ T9954] total_writeback 0
[  157.791761][ T9954] total_workingset_refault_anon 1441
[  157.797232][ T9954] total_workingset_refault_file 1074
[  157.802543][ T9954] total_swap 217088
[  157.806461][ T9954] total_swapcached 0
[  157.806855][T10031] loop2: detected capacity change from 0 to 512
[  157.810390][ T9954] total_pgpgin 86907
[  157.820673][ T9954] total_pgpgout 86093
[  157.824718][ T9954] total_pgfault 106233
[  157.828829][ T9954] total_pgmajfault 292
[  157.832905][ T9954] total_inactive_anon 0
[  157.837095][ T9954] total_active_anon 0
[  157.841076][ T9954] total_inactive_file 3334144
[  157.845829][ T9954] total_active_file 0
[  157.849925][ T9954] total_unevictable 0
[  157.853910][ T9954] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz0,task_memcg=/syz0,task=syz.0.2094,pid=9954,uid=0
[  157.868744][ T9954] Memory cgroup out of memory: Killed process 9954 (syz.0.2094) total-vm:94100kB, anon-rss:4464kB, file-rss:22576kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  157.899985][T10031] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  157.908293][T10031] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  157.938164][T10031] System zones: 0-1, 15-15, 18-18, 34-34
[  157.944120][T10031] EXT4-fs (loop2): orphan cleanup on readonly fs
[  157.954728][ T5146] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.995694][T10031] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  158.010401][T10031] EXT4-fs (loop2): Cannot turn on quotas: error -22
[  158.018707][T10031] EXT4-fs (loop2): 1 truncate cleaned up
[  158.025276][T10031] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  158.257952][T10062] loop1: detected capacity change from 0 to 1024
[  158.291575][T10062] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.351530][ T3330] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.369690][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.523386][T10093] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  158.527758][T10089] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2143'.
[  158.566249][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.577052][T10102] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  158.585168][T10102] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  158.594014][T10102] System zones: 0-1, 15-15, 18-18, 34-34
[  158.600041][T10102] EXT4-fs (loop0): orphan cleanup on readonly fs
[  158.612862][T10102] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  158.627654][T10102] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  158.635734][T10102] EXT4-fs (loop0): 1 truncate cleaned up
[  158.642859][T10102] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  158.919006][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.010627][T10128] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  159.023493][T10128] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.2155: Invalid block bitmap block 0 in block_group 0
[  159.037787][T10128] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.2155: Failed to acquire dquot type 0
[  159.049849][T10128] EXT4-fs error (device loop0): ext4_free_blocks:6728: comm syz.0.2155: Freeing blocks not in datazone - block = 0, count = 4096
[  159.063894][T10128] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.2155: Invalid inode bitmap blk 0 in block_group 0
[  159.079152][ T3622] EXT4-fs error (device loop0): ext4_release_dquot:7022: comm kworker/u8:24: Failed to release dquot type 0
[  159.091312][T10128] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem
[  159.101580][T10128] EXT4-fs (loop0): 1 orphan inode deleted
[  159.108040][T10128] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.126594][T10128] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.148170][T10099] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #2: comm syz.5.2143: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 260(4), depth 0(0)
[  159.170080][T10099] EXT4-fs (loop5): get root inode failed
[  159.175860][T10099] EXT4-fs (loop5): mount failed
[  159.247896][T10153] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  159.271688][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.319332][T10165] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.335193][T10165] ext4 filesystem being mounted at /446/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  159.368418][T10165] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.388985][T10171] tipc: Started in network mode
[  159.393894][T10171] tipc: Node identity ce10d49ddb3c, cluster identity 4711
[  159.401286][T10171] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  159.416014][T10171] syzkaller0: entered promiscuous mode
[  159.421553][T10171] syzkaller0: entered allmulticast mode
[  159.450892][T10170] tipc: Resetting bearer <eth:syzkaller0>
[  159.469797][T10170] tipc: Disabling bearer <eth:syzkaller0>
[  159.564771][T10178] EXT4-fs: Ignoring removed orlov option
[  159.573088][T10178] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  159.706270][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  159.862965][T10183] Set syz1 is full, maxelem 65536 reached
[  159.970615][T10206] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2184'.
[  159.996468][T10211] set_capacity_and_notify: 7 callbacks suppressed
[  159.996486][T10211] loop4: detected capacity change from 0 to 1024
[  160.012417][T10209] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  160.018932][T10209] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  160.040174][T10211] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.077542][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.376577][T10206] loop5: detected capacity change from 0 to 2048
[  160.388735][T10206] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #2: comm syz.5.2184: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 260(4), depth 0(0)
[  160.411082][T10206] EXT4-fs (loop5): get root inode failed
[  160.416914][T10206] EXT4-fs (loop5): mount failed
[  160.446644][T10245] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  160.453192][T10245] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  160.486656][T10247] loop0: detected capacity change from 0 to 1024
[  160.497079][T10247] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.521180][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  160.564900][T10253] loop0: detected capacity change from 0 to 512
[  160.573045][T10253] EXT4-fs: Ignoring removed mblk_io_submit option
[  160.580731][T10253] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  160.588828][T10253] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042e018, mo2=0002]
[  160.597617][T10253] System zones: 0-1, 15-15, 18-18, 34-34
[  160.603691][T10253] EXT4-fs (loop0): orphan cleanup on readonly fs
[  160.611675][T10253] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.2205: bg 0: block 15: invalid block bitmap
[  160.625008][T10253] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  160.634594][T10253] EXT4-fs (loop0): 1 truncate cleaned up
[  160.640782][T10253] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  160.688245][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.008659][T10272] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  161.015129][T10272] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  161.019463][T10198] syz.5.2184 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  161.032651][T10198] CPU: 1 UID: 0 PID: 10198 Comm: syz.5.2184 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  161.032679][T10198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  161.032690][T10198] Call Trace:
[  161.032697][T10198]  <TASK>
[  161.032807][T10198]  __dump_stack+0x1d/0x30
[  161.032848][T10198]  dump_stack_lvl+0xe8/0x140
[  161.032948][T10198]  dump_stack+0x15/0x1b
[  161.032972][T10198]  dump_header+0x81/0x240
[  161.032990][T10198]  oom_kill_process+0x295/0x350
[  161.033013][T10198]  out_of_memory+0x97b/0xb80
[  161.033051][T10198]  try_charge_memcg+0x610/0xa10
[  161.033094][T10198]  charge_memcg+0x51/0xc0
[  161.033121][T10198]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  161.033219][T10198]  __read_swap_cache_async+0x17b/0x2d0
[  161.033247][T10198]  swap_cluster_readahead+0x262/0x3c0
[  161.033284][T10198]  swapin_readahead+0xde/0x820
[  161.033398][T10198]  ? __rcu_read_unlock+0x4f/0x70
[  161.033423][T10198]  ? __perf_event_task_sched_in+0xa5b/0xac0
[  161.033447][T10198]  ? __list_add_valid_or_report+0x38/0xe0
[  161.033480][T10198]  ? __rcu_read_unlock+0x4f/0x70
[  161.033535][T10198]  ? swap_cache_get_folio+0x277/0x280
[  161.033566][T10198]  do_swap_page+0x2b4/0x21e0
[  161.033597][T10198]  ? _raw_spin_unlock+0x26/0x50
[  161.033675][T10198]  ? __schedule+0x85f/0xcd0
[  161.033702][T10198]  ? __pfx_default_wake_function+0x10/0x10
[  161.033778][T10198]  handle_mm_fault+0x9d8/0x2c60
[  161.033824][T10198]  do_user_addr_fault+0x630/0x1080
[  161.033912][T10198]  exc_page_fault+0x62/0xa0
[  161.033941][T10198]  asm_exc_page_fault+0x26/0x30
[  161.033961][T10198] RIP: 0033:0x7f22a95812be
[  161.033979][T10198] Code: e9 17 cf 12 00 0f 1f 80 00 00 00 00 48 83 c4 28 48 c7 c0 ff ff ff ff 5b 5d c3 66 90 41 57 41 56 41 55 41 54 55 53 48 83 ec 38 <80> 3d 3b 0d 38 00 00 89 7c 24 0c 88 54 24 10 48 89 74 24 28 0f 85
[  161.034067][T10198] RSP: 002b:00007ffcf1acd390 EFLAGS: 00010206
[  161.034083][T10198] RAX: 00007f22a9905fa0 RBX: 00007f22a9905fa0 RCX: 0000000000000026
[  161.034095][T10198] RDX: 0000000000000001 RSI: 00007f22a9906038 RDI: 000000000000000e
[  161.034107][T10198] RBP: 00007f22a9907da0 R08: 0000000000000001 R09: 0000000000000026
[  161.034118][T10198] R10: 3fffffffffffffff R11: 0000000000000293 R12: 00000000000273c7
[  161.034131][T10198] R13: 00007f22a9906090 R14: ffffffffffffffff R15: 00007ffcf1acd510
[  161.034171][T10198]  </TASK>
[  161.034179][T10198] memory: usage 307200kB, limit 307200kB, failcnt 1842
[  161.150218][T10274] loop2: detected capacity change from 0 to 1024
[  161.151621][T10198] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0
[  161.151639][T10198] kmem: usage 302796kB, limit 9007199254740988kB, failcnt 0
[  161.177497][T10274] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  161.181716][T10198] Memory cgroup stats for /syz5:
[  161.301803][T10198] cache 0
[  161.307263][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.309752][T10198] rss 4505600
[  161.322062][T10198] shmem 0
[  161.325003][T10198] mapped_file 0
[  161.328493][T10198] dirty 0
[  161.331454][T10198] writeback 0
[  161.334775][T10198] workingset_refault_anon 394
[  161.339739][T10198] workingset_refault_file 0
[  161.344269][T10198] swap 212992
[  161.347594][T10198] swapcached 0
[  161.350975][T10198] pgpgin 43614
[  161.354518][T10198] pgpgout 42513
[  161.358132][T10198] pgfault 62263
[  161.361613][T10198] pgmajfault 285
[  161.365279][T10198] inactive_anon 0
[  161.368980][T10198] active_anon 0
[  161.372482][T10198] inactive_file 4509696
[  161.376794][T10198] active_file 0
[  161.380331][T10198] unevictable 0
[  161.383901][T10198] hierarchical_memory_limit 314572800
[  161.389667][T10198] hierarchical_memsw_limit 9223372036854771712
[  161.395990][T10198] total_cache 0
[  161.399442][T10198] total_rss 4505600
[  161.403318][T10198] total_shmem 0
[  161.406873][T10198] total_mapped_file 0
[  161.411168][T10198] total_dirty 0
[  161.414748][T10198] total_writeback 0
[  161.418623][T10198] total_workingset_refault_anon 394
[  161.423823][T10198] total_workingset_refault_file 0
[  161.428891][T10198] total_swap 212992
[  161.432922][T10198] total_swapcached 0
[  161.436888][T10198] total_pgpgin 43614
[  161.440771][T10198] total_pgpgout 42513
[  161.444769][T10198] total_pgfault 62263
[  161.448788][T10198] total_pgmajfault 285
[  161.452846][T10198] total_inactive_anon 0
[  161.457048][T10198] total_active_anon 0
[  161.461102][T10198] total_inactive_file 4509696
[  161.465812][T10198] total_active_file 0
[  161.469807][T10198] total_unevictable 0
[  161.473936][T10198] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.2184,pid=10198,uid=0
[  161.488769][T10198] Memory cgroup out of memory: Killed process 10198 (syz.5.2184) total-vm:94100kB, anon-rss:5616kB, file-rss:22568kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  161.726370][T10301] xt_hashlimit: size too large, truncated to 1048576
[  161.864896][T10301] loop0: detected capacity change from 0 to 2048
[  161.881371][T10301] EXT4-fs (loop0): failed to initialize system zone (-117)
[  161.891009][T10301] EXT4-fs (loop0): mount failed
[  161.988435][T10311] loop0: detected capacity change from 0 to 1024
[  162.025945][T10311] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  162.061974][T10311] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.2230: Invalid block bitmap block 0 in block_group 0
[  162.111388][T10311] __quota_error: 444 callbacks suppressed
[  162.111405][T10311] Quota error (device loop0): write_blk: dquota write failed
[  162.124655][T10311] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota
[  162.135402][T10311] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.2230: Failed to acquire dquot type 0
[  162.175442][T10311] EXT4-fs error (device loop0): ext4_free_blocks:6728: comm syz.0.2230: Freeing blocks not in datazone - block = 0, count = 4096
[  162.196109][T10311] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.2230: Invalid inode bitmap blk 0 in block_group 0
[  162.210333][T10311] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem
[  162.219127][   T53] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-7
[  162.228666][   T53] EXT4-fs error (device loop0): ext4_release_dquot:7022: comm kworker/u8:4: Failed to release dquot type 0
[  162.240481][T10311] EXT4-fs (loop0): 1 orphan inode deleted
[  162.250986][T10311] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.277983][T10311] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.331176][   T29] audit: type=1326 audit(1765090709.279:25911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10324 comm="syz.1.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d414bf749 code=0x7ffc0000
[  162.372356][   T29] audit: type=1326 audit(1765090709.309:25912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10324 comm="syz.1.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f9d414bf749 code=0x7ffc0000
[  162.396846][   T29] audit: type=1326 audit(1765090709.309:25913): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10324 comm="syz.1.2236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d414bf749 code=0x7ffc0000
[  162.520483][T10334] loop0: detected capacity change from 0 to 512
[  162.571554][T10340] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  162.617221][T10334] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  162.654956][T10334] ext4 filesystem being mounted at /480/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  162.669048][T10330] Set syz1 is full, maxelem 65536 reached
[  162.678280][T10334] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  162.810268][T10357] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2247'.
[  162.846534][T10359] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2249'.
[  163.126687][T10357] loop5: detected capacity change from 0 to 2048
[  163.148549][T10357] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #2: comm syz.5.2247: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 260(4), depth 0(0)
[  163.170960][T10357] EXT4-fs (loop5): get root inode failed
[  163.177114][T10357] EXT4-fs (loop5): mount failed
[  163.601027][ T5146] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  163.612160][ T5146] CPU: 0 UID: 0 PID: 5146 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  163.612186][ T5146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  163.612254][ T5146] Call Trace:
[  163.612261][ T5146]  <TASK>
[  163.612268][ T5146]  __dump_stack+0x1d/0x30
[  163.612292][ T5146]  dump_stack_lvl+0xe8/0x140
[  163.612323][ T5146]  dump_stack+0x15/0x1b
[  163.612346][ T5146]  dump_header+0x81/0x240
[  163.612383][ T5146]  oom_kill_process+0x295/0x350
[  163.612407][ T5146]  out_of_memory+0x97b/0xb80
[  163.612428][ T5146]  try_charge_memcg+0x610/0xa10
[  163.612541][ T5146]  charge_memcg+0x51/0xc0
[  163.612576][ T5146]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  163.612683][ T5146]  __read_swap_cache_async+0x17b/0x2d0
[  163.612714][ T5146]  swap_cluster_readahead+0x362/0x3c0
[  163.612756][ T5146]  swapin_readahead+0xde/0x820
[  163.612786][ T5146]  ? strncmp+0x34/0x70
[  163.612815][ T5146]  ? __rcu_read_unlock+0x4f/0x70
[  163.612907][ T5146]  ? __perf_event_task_sched_in+0xa5b/0xac0
[  163.612927][ T5146]  ? __rcu_read_unlock+0x4f/0x70
[  163.612944][ T5146]  ? __rcu_read_unlock+0x4f/0x70
[  163.612961][ T5146]  ? swap_cache_get_folio+0x277/0x280
[  163.612991][ T5146]  do_swap_page+0x2b4/0x21e0
[  163.613046][ T5146]  ? _raw_spin_unlock+0x26/0x50
[  163.613074][ T5146]  ? __schedule+0x85f/0xcd0
[  163.613108][ T5146]  ? __pfx_default_wake_function+0x10/0x10
[  163.613146][ T5146]  handle_mm_fault+0x9d8/0x2c60
[  163.613182][ T5146]  do_user_addr_fault+0x630/0x1080
[  163.613209][ T5146]  exc_page_fault+0x62/0xa0
[  163.613287][ T5146]  asm_exc_page_fault+0x26/0x30
[  163.613311][ T5146] RIP: 0033:0x7f22a96e1fc5
[  163.613326][ T5146] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e 95 1f 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[  163.613412][ T5146] RSP: 002b:00007ffcf1acd5d8 EFLAGS: 00010246
[  163.613432][ T5146] RAX: 0000000000000000 RBX: 0000000000000290 RCX: 00007f22a96e1fc3
[  163.613446][ T5146] RDX: 00007ffcf1acd5f0 RSI: 0000000000000000 RDI: 0000000000000000
[  163.613460][ T5146] RBP: 00007ffcf1acd65c R08: 0000000011d9f771 R09: 0000000000000000
[  163.613471][ T5146] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[  163.613483][ T5146] R13: 00000000000927c0 R14: 0000000000027d60 R15: 00007ffcf1acd6b0
[  163.613543][ T5146]  </TASK>
[  163.613549][ T5146] memory: usage 307200kB, limit 307200kB, failcnt 2200
[  163.713044][T10389] loop1: detected capacity change from 0 to 1024
[  163.714014][ T5146] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0
[  163.719839][T10389] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  163.724096][ T5146] kmem: usage 303168kB, limit 9007199254740988kB, failcnt 0
[  163.724114][ T5146] Memory cgroup stats for 
[  163.736647][T10389] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.2260: Invalid block bitmap block 0 in block_group 0
[  163.739148][ T5146] /syz5
[  163.743933][T10389] Quota error (device loop1): write_blk: dquota write failed
[  163.749607][ T5146] :
[  163.754604][T10389] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  163.793237][ T5146] cache 0
[  163.794898][T10389] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.2260: Failed to acquire dquot type 0
[  163.800519][ T5146] rss 4124672
[  163.800532][ T5146] shmem 0
[  163.800595][ T5146] mapped_file 0
[  163.817036][T10389] EXT4-fs error (device loop1): ext4_free_blocks:6728: comm syz.1.2260: Freeing blocks not in datazone - block = 0, count = 4096
[  163.817177][ T5146] dirty 0
[  163.825834][T10389] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.2260: Invalid inode bitmap blk 0 in block_group 0
[  163.833438][ T5146] writeback 0
[  163.833449][ T5146] workingset_refault_anon 450
[  163.833457][ T5146] workingset_refault_file 0
[  163.833465][ T5146] swap 212992
[  163.833471][ T5146] swapcached 0
[  163.900825][T10389] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem
[  163.903195][ T5146] pgpgin 46997
[  163.906287][T10389] EXT4-fs (loop1): 1 orphan inode deleted
[  163.913432][ T5146] pgpgout 45989
[  163.913443][ T5146] pgfault 65916
[  163.913494][ T5146] pgmajfault 322
[  163.913500][ T5146] inactive_anon 0
[  163.913506][ T5146] active_anon 0
[  163.913513][ T5146] inactive_file 4128768
[  163.916799][T10389] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  163.926214][ T5146] active_file 0
[  163.926229][ T5146] unevictable 0
[  163.926238][ T5146] hierarchical_memory_limit 314572800
[  163.926256][ T5146] hierarchical_memsw_limit 9223372036854771712
[  163.935175][   T29] audit: type=1326 audit(1765090710.829:25914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10393 comm="syz.2.2262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  163.940582][ T5146] total_cache 0
[  163.944026][   T29] audit: type=1326 audit(1765090710.829:25915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10393 comm="syz.2.2262" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  163.947024][ T5146] total_rss 4124672
[  164.124971][ T5146] total_shmem 0
[  164.128460][ T5146] total_mapped_file 0
[  164.132601][ T5146] total_dirty 0
[  164.136434][ T5146] total_writeback 0
[  164.140345][ T5146] total_workingset_refault_anon 450
[  164.145560][ T5146] total_workingset_refault_file 0
[  164.150671][ T5146] total_swap 212992
[  164.154500][ T5146] total_swapcached 0
[  164.158445][ T5146] total_pgpgin 46997
[  164.162415][ T5146] total_pgpgout 45989
[  164.166582][ T5146] total_pgfault 65916
[  164.170547][ T5146] total_pgmajfault 322
[  164.174687][ T5146] total_inactive_anon 0
[  164.178845][ T5146] total_active_anon 0
[  164.182915][ T5146] total_inactive_file 4128768
[  164.187706][ T5146] total_active_file 0
[  164.191741][ T5146] total_unevictable 0
[  164.195732][ T5146] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.2247,pid=10353,uid=0
[  164.210564][ T5146] Memory cgroup out of memory: Killed process 10353 (syz.5.2247) total-vm:94100kB, anon-rss:5232kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  164.229002][ T1698] EXT4-fs error (device loop1): ext4_release_dquot:7022: comm kworker/u8:10: Failed to release dquot type 0
[  164.247447][T10389] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.467254][T10416] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  164.487033][T10416] ext4 filesystem being mounted at /475/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  164.507104][T10416] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  164.648172][T10422] xt_hashlimit: size too large, truncated to 1048576
[  164.819310][T10423] EXT4-fs (loop1): failed to initialize system zone (-117)
[  164.839227][T10423] EXT4-fs (loop1): mount failed
[  165.028258][T10453] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  165.051967][T10455] set_capacity_and_notify: 2 callbacks suppressed
[  165.052079][T10455] loop1: detected capacity change from 0 to 1024
[  165.065910][T10455] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  165.077728][T10455] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:483: comm syz.1.2283: Invalid block bitmap block 0 in block_group 0
[  165.091877][T10455] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.2283: Failed to acquire dquot type 0
[  165.104005][T10455] EXT4-fs error (device loop1): ext4_free_blocks:6728: comm syz.1.2283: Freeing blocks not in datazone - block = 0, count = 4096
[  165.117685][T10455] EXT4-fs error (device loop1): ext4_read_inode_bitmap:139: comm syz.1.2283: Invalid inode bitmap blk 0 in block_group 0
[  165.130689][T10455] EXT4-fs error (device loop1) in ext4_free_inode:361: Corrupt filesystem
[  165.139620][T10455] EXT4-fs (loop1): 1 orphan inode deleted
[  165.139714][ T3622] EXT4-fs error (device loop1): ext4_release_dquot:7022: comm kworker/u8:24: Failed to release dquot type 0
[  165.145955][T10455] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.172665][T10455] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.195894][T10465] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2285'.
[  165.220358][T10469] xt_hashlimit: size too large, truncated to 1048576
[  165.327115][T10480] loop5: detected capacity change from 0 to 2048
[  165.337313][T10480] EXT4-fs (loop5): failed to initialize system zone (-117)
[  165.344744][T10480] EXT4-fs (loop5): mount failed
[  165.351790][T10486] loop2: detected capacity change from 0 to 1024
[  165.358541][T10486] EXT4-fs: Ignoring removed orlov option
[  165.366773][T10486] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.380707][T10488] loop1: detected capacity change from 0 to 512
[  165.397280][T10488] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.413206][T10488] ext4 filesystem being mounted at /483/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  165.434095][T10488] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.455732][T10496] loop0: detected capacity change from 0 to 1024
[  165.462480][T10496] EXT4-fs: Ignoring removed orlov option
[  165.480218][T10499] loop5: detected capacity change from 0 to 1024
[  165.489468][T10496] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  165.504390][T10499] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.557887][ T5146] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.623704][T10507] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2297'.
[  166.244328][T10520] xt_hashlimit: size too large, truncated to 1048576
[  166.339023][T10523] loop1: detected capacity change from 0 to 2048
[  166.401036][T10523] EXT4-fs (loop1): failed to initialize system zone (-117)
[  166.413237][T10523] EXT4-fs (loop1): mount failed
[  166.415734][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.469014][T10529] xt_hashlimit: size too large, truncated to 1048576
[  166.546883][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.560046][T10536] loop0: detected capacity change from 0 to 1024
[  166.601228][T10543] loop2: detected capacity change from 0 to 1024
[  166.608696][T10543] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  166.609851][T10536] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.633289][T10543] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.2309: Invalid block bitmap block 0 in block_group 0
[  166.649146][T10543] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.2309: Failed to acquire dquot type 0
[  166.661575][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.672431][T10543] EXT4-fs error (device loop2): ext4_free_blocks:6728: comm syz.2.2309: Freeing blocks not in datazone - block = 0, count = 4096
[  166.686485][T10543] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.2309: Invalid inode bitmap blk 0 in block_group 0
[  166.701846][T10543] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem
[  166.710539][ T1605] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:9: Failed to release dquot type 0
[  166.715306][T10543] EXT4-fs (loop2): 1 orphan inode deleted
[  166.733909][T10529] loop5: detected capacity change from 0 to 2048
[  166.742923][T10543] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.758088][T10529] EXT4-fs (loop5): failed to initialize system zone (-117)
[  166.765503][T10529] EXT4-fs (loop5): mount failed
[  166.770766][T10543] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.825966][T10551] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  166.835438][T10551] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a043c11c, mo2=0002]
[  166.843477][T10551] System zones: 1-12
[  166.848080][T10551] EXT4-fs error (device loop5): ext4_iget_extra_inode:5073: inode #15: comm syz.5.2311: corrupted in-inode xattr: e_value size too large
[  166.863967][T10551] EXT4-fs error (device loop5): ext4_orphan_get:1396: comm syz.5.2311: couldn't read orphan inode 15 (err -117)
[  166.877434][T10551] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  166.897897][T10551] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2311'.
[  166.920008][ T5146] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.972422][T10557] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.989106][T10557] ext4 filesystem being mounted at /522/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  167.001617][T10557] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  167.044054][T10567] EXT4-fs: Ignoring removed orlov option
[  167.052459][T10567] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.361062][   T29] kauditd_printk_skb: 188 callbacks suppressed
[  167.361080][   T29] audit: type=1326 audit(1765090714.309:26097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10573 comm="syz.1.2318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d414bf749 code=0x7ffc0000
[  167.401251][   T29] audit: type=1326 audit(1765090714.339:26098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10573 comm="syz.1.2318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f9d414bf749 code=0x7ffc0000
[  167.425171][   T29] audit: type=1326 audit(1765090714.339:26099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10573 comm="syz.1.2318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d414bf749 code=0x7ffc0000
[  167.448788][   T29] audit: type=1326 audit(1765090714.339:26100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10573 comm="syz.1.2318" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d414bf749 code=0x7ffc0000
[  167.536898][T10580] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2321'.
[  167.562731][T10582] random: crng reseeded on system resumption
[  167.628177][T10588] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2320'.
[  167.957115][   T29] audit: type=1326 audit(1765090714.909:26101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10599 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22a96af749 code=0x7ffc0000
[  168.002396][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.011463][   T29] audit: type=1326 audit(1765090714.909:26102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10599 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22a96af749 code=0x7ffc0000
[  168.035534][   T29] audit: type=1326 audit(1765090714.929:26103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10599 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f22a96af749 code=0x7ffc0000
[  168.041987][T10602] /dev/loop5: Can't open blockdev
[  168.059505][   T29] audit: type=1326 audit(1765090714.929:26104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10599 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22a96af749 code=0x7ffc0000
[  168.088266][   T29] audit: type=1326 audit(1765090714.929:26105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10599 comm="syz.5.2329" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22a96af749 code=0x7ffc0000
[  168.175417][   T29] audit: type=1326 audit(1765090714.989:26106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10603 comm="syz.2.2330" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  168.209222][T10588] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #2: comm syz.1.2320: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 260(4), depth 0(0)
[  168.228338][T10588] EXT4-fs (loop1): get root inode failed
[  168.234248][T10588] EXT4-fs (loop1): mount failed
[  168.289120][T10618] random: crng reseeded on system resumption
[  168.361113][T10626] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  168.373833][T10626] ext4 filesystem being mounted at /277/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  168.392958][T10626] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.487662][T10635] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2342'.
[  168.625676][T10642] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  168.663173][T10642] syzkaller0: entered promiscuous mode
[  168.668792][T10642] syzkaller0: entered allmulticast mode
[  168.681861][T10641] tipc: Resetting bearer <eth:syzkaller0>
[  168.688316][T10648] random: crng reseeded on system resumption
[  168.698880][T10641] tipc: Disabling bearer <eth:syzkaller0>
[  168.805848][T10663] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  168.813885][T10663] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  168.821955][T10663] System zones: 0-1, 15-15, 18-18, 34-34
[  168.827727][T10663] EXT4-fs (loop0): orphan cleanup on readonly fs
[  168.834341][T10663] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  168.849126][T10663] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  168.857034][T10663] EXT4-fs (loop0): 1 truncate cleaned up
[  168.863284][T10663] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  169.051331][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.077790][T10675] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2358'.
[  169.212065][T10691] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  169.229883][T10695] random: crng reseeded on system resumption
[  169.244296][T10691] syzkaller0: entered promiscuous mode
[  169.250100][T10691] syzkaller0: entered allmulticast mode
[  169.278778][T10690] tipc: Resetting bearer <eth:syzkaller0>
[  169.290360][T10697] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  169.296774][T10697] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  169.304266][T10690] tipc: Disabling bearer <eth:syzkaller0>
[  169.373010][T10699] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  169.397046][T10699] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.2368: Invalid block bitmap block 0 in block_group 0
[  169.495831][T10710] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  169.503836][T10710] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  169.516634][T10699] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.2368: Failed to acquire dquot type 0
[  169.529489][T10710] System zones: 0-1, 15-15, 18-18, 34-34
[  169.535454][T10710] EXT4-fs (loop2): orphan cleanup on readonly fs
[  169.541976][T10710] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  169.545321][T10699] EXT4-fs error (device loop4): ext4_free_blocks:6728: comm syz.4.2368: Freeing blocks not in datazone - block = 0, count = 4096
[  169.556736][T10710] EXT4-fs (loop2): Cannot turn on quotas: error -22
[  169.577006][T10710] EXT4-fs (loop2): 1 truncate cleaned up
[  169.583492][T10710] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  169.596800][T10699] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.2368: Invalid inode bitmap blk 0 in block_group 0
[  169.685668][T10699] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  169.685760][ T1605] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:9: Failed to release dquot type 0
[  169.726110][T10715] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  169.738843][T10699] EXT4-fs (loop4): 1 orphan inode deleted
[  169.754916][ T3319] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.764824][T10699] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  169.778890][T10680] EXT4-fs error (device loop1): ext4_ext_check_inode:523: inode #2: comm syz.1.2358: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 260(4), depth 0(0)
[  169.803890][T10699] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.815244][T10680] EXT4-fs (loop1): get root inode failed
[  169.821030][T10680] EXT4-fs (loop1): mount failed
[  169.875760][ T3324] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  169.890448][T10729] xt_hashlimit: size too large, truncated to 1048576
[  170.039580][T10736] EXT4-fs (loop0): failed to initialize system zone (-117)
[  170.051628][T10738] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  170.067733][T10736] EXT4-fs (loop0): mount failed
[  170.081921][T10738] ext4 filesystem being mounted at /465/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  170.128650][T10738] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  170.218821][T10748] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  170.231059][T10748] syzkaller0: entered promiscuous mode
[  170.236937][T10748] syzkaller0: entered allmulticast mode
[  170.256322][T10747] tipc: Resetting bearer <eth:syzkaller0>
[  170.267481][T10747] tipc: Disabling bearer <eth:syzkaller0>
[  170.294208][T10752] set_capacity_and_notify: 13 callbacks suppressed
[  170.294226][T10752] loop4: detected capacity change from 0 to 1024
[  170.312117][T10752] EXT4-fs: Ignoring removed orlov option
[  170.357986][T10675] syz.1.2358 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  170.372271][T10675] CPU: 0 UID: 0 PID: 10675 Comm: syz.1.2358 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  170.372299][T10675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  170.372311][T10675] Call Trace:
[  170.372317][T10675]  <TASK>
[  170.372325][T10675]  __dump_stack+0x1d/0x30
[  170.372352][T10675]  dump_stack_lvl+0xe8/0x140
[  170.372394][T10675]  dump_stack+0x15/0x1b
[  170.372414][T10675]  dump_header+0x81/0x240
[  170.372436][T10675]  oom_kill_process+0x295/0x350
[  170.372461][T10675]  out_of_memory+0x97b/0xb80
[  170.372520][T10675]  try_charge_memcg+0x610/0xa10
[  170.372559][T10675]  obj_cgroup_charge_pages+0xa6/0x150
[  170.372592][T10675]  __memcg_kmem_charge_page+0x9f/0x170
[  170.372692][T10675]  __alloc_frozen_pages_noprof+0x18f/0x360
[  170.372740][T10675]  alloc_pages_mpol+0xb3/0x260
[  170.372764][T10675]  ? alloc_pages_noprof+0x61/0x130
[  170.372790][T10675]  alloc_pages_noprof+0x90/0x130
[  170.372845][T10675]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  170.372951][T10675]  __kvmalloc_node_noprof+0x492/0x6b0
[  170.372989][T10675]  ? ip_set_alloc+0x24/0x30
[  170.373140][T10675]  ? ip_set_alloc+0x24/0x30
[  170.373173][T10675]  ip_set_alloc+0x24/0x30
[  170.373202][T10675]  hash_netiface_create+0x282/0x740
[  170.373234][T10675]  ? __pfx_hash_netiface_create+0x10/0x10
[  170.373273][T10675]  ip_set_create+0x3cc/0x970
[  170.373385][T10675]  ? __nla_parse+0x40/0x60
[  170.373432][T10675]  nfnetlink_rcv_msg+0x4c6/0x590
[  170.373473][T10675]  netlink_rcv_skb+0x123/0x220
[  170.373503][T10675]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  170.373591][T10675]  nfnetlink_rcv+0x167/0x16c0
[  170.373614][T10675]  ? kmem_cache_free+0xe3/0x3a0
[  170.373641][T10675]  ? __kfree_skb+0x109/0x150
[  170.373662][T10675]  ? nlmon_xmit+0x4f/0x60
[  170.373714][T10675]  ? consume_skb+0x49/0x150
[  170.373732][T10675]  ? nlmon_xmit+0x4f/0x60
[  170.373753][T10675]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  170.373782][T10675]  ? __dev_queue_xmit+0x138d/0x1ec0
[  170.373809][T10675]  ? __dev_queue_xmit+0x148/0x1ec0
[  170.373906][T10675]  ? ref_tracker_free+0x37d/0x3e0
[  170.373937][T10675]  ? __netlink_deliver_tap+0x4dc/0x500
[  170.373970][T10675]  netlink_unicast+0x5c0/0x690
[  170.374004][T10675]  netlink_sendmsg+0x58b/0x6b0
[  170.374033][T10675]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.374128][T10675]  __sock_sendmsg+0x145/0x180
[  170.374288][T10675]  ____sys_sendmsg+0x31e/0x4a0
[  170.374312][T10675]  ___sys_sendmsg+0x17b/0x1d0
[  170.374340][T10675]  __x64_sys_sendmsg+0xd4/0x160
[  170.374363][T10675]  x64_sys_call+0x17ba/0x3000
[  170.374433][T10675]  do_syscall_64+0xd8/0x2a0
[  170.374467][T10675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.374489][T10675] RIP: 0033:0x7f9d414bf749
[  170.374551][T10675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.374573][T10675] RSP: 002b:00007f9d3ff27038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  170.374599][T10675] RAX: ffffffffffffffda RBX: 00007f9d41715fa0 RCX: 00007f9d414bf749
[  170.374615][T10675] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000008
[  170.374631][T10675] RBP: 00007f9d41543f91 R08: 0000000000000000 R09: 0000000000000000
[  170.374647][T10675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  170.374733][T10675] R13: 00007f9d41716038 R14: 00007f9d41715fa0 R15: 00007ffd2d569b88
[  170.374754][T10675]  </TASK>
[  170.374763][T10675] memory: usage 307200kB, limit 307200kB, failcnt 3521
[  170.716827][T10675] memory+swap: usage 307584kB, limit 9007199254740988kB, failcnt 0
[  170.724869][T10675] kmem: usage 300572kB, limit 9007199254740988kB, failcnt 0
[  170.732242][T10675] Memory cgroup stats for /syz1:
[  170.888048][T10675] cache 4096
[  170.896538][T10675] rss 6782976
[  170.900044][T10675] shmem 4096
[  170.903246][T10675] mapped_file 0
[  170.906848][T10675] dirty 0
[  170.909798][T10675] writeback 0
[  170.913099][T10675] workingset_refault_anon 324
[  170.917915][T10675] workingset_refault_file 1834
[  170.922704][T10675] swap 393216
[  170.926030][T10675] swapcached 0
[  170.929488][T10675] pgpgin 181322
[  170.932954][T10675] pgpgout 179665
[  170.936575][T10675] pgfault 166715
[  170.940123][T10675] pgmajfault 200
[  170.943677][T10675] inactive_anon 0
[  170.947422][T10675] active_anon 0
[  170.950891][T10675] inactive_file 6782976
[  170.955154][T10675] active_file 0
[  170.958683][T10675] unevictable 4096
[  170.962411][T10675] hierarchical_memory_limit 314572800
[  170.967815][T10675] hierarchical_memsw_limit 9223372036854771712
[  170.973972][T10675] total_cache 4096
[  170.977750][T10675] total_rss 6782976
[  170.981567][T10675] total_shmem 4096
[  170.985395][T10675] total_mapped_file 0
[  170.989450][T10675] total_dirty 0
[  170.993079][T10675] total_writeback 0
[  170.997003][T10675] total_workingset_refault_anon 324
[  171.002207][T10675] total_workingset_refault_file 1834
[  171.007705][T10675] total_swap 393216
[  171.011516][T10675] total_swapcached 0
[  171.015434][T10675] total_pgpgin 181322
[  171.019440][T10675] total_pgpgout 179665
[  171.023518][T10675] total_pgfault 166715
[  171.027612][T10675] total_pgmajfault 200
[  171.031684][T10675] total_inactive_anon 0
[  171.035900][T10675] total_active_anon 0
[  171.039985][T10675] total_inactive_file 6782976
[  171.045120][T10675] total_active_file 0
[  171.049115][T10675] total_unevictable 4096
[  171.053372][T10675] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.2358,pid=10674,uid=0
[  171.068271][T10675] Memory cgroup out of memory: Killed process 10674 (syz.1.2358) total-vm:96148kB, anon-rss:7920kB, file-rss:22444kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  171.191977][T10775] loop4: detected capacity change from 0 to 1024
[  171.201517][T10775] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  171.216866][T10775] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.2393: Invalid block bitmap block 0 in block_group 0
[  171.245392][T10775] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.2393: Failed to acquire dquot type 0
[  171.282327][T10778] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2394'.
[  171.287666][T10775] EXT4-fs error (device loop4): ext4_free_blocks:6728: comm syz.4.2393: Freeing blocks not in datazone - block = 0, count = 4096
[  171.339073][T10775] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.2393: Invalid inode bitmap blk 0 in block_group 0
[  171.367725][ T1605] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:9: Failed to release dquot type 0
[  171.390746][T10775] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  171.416406][T10775] EXT4-fs (loop4): 1 orphan inode deleted
[  171.615793][T10795] loop4: detected capacity change from 0 to 512
[  171.684105][T10795] ext4 filesystem being mounted at /467/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  171.799514][T10802] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  171.854337][T10804] loop1: detected capacity change from 0 to 1024
[  171.864084][T10804] EXT4-fs: Ignoring removed orlov option
[  171.887655][T10753] Set syz1 is full, maxelem 65536 reached
[  172.005832][T10813] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2406'.
[  172.259987][T10824] loop4: detected capacity change from 0 to 1024
[  172.270525][T10824] EXT4-fs: Ignoring removed orlov option
[  172.426727][T10831] loop4: detected capacity change from 0 to 1024
[  172.455656][T10831] EXT4-fs: Ignoring removed orlov option
[  172.462388][   T29] kauditd_printk_skb: 588 callbacks suppressed
[  172.462408][   T29] audit: type=1326 audit(1765090719.409:26687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10825 comm="syz.5.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22a96af749 code=0x7ffc0000
[  172.705417][   T29] audit: type=1326 audit(1765090719.449:26688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10825 comm="syz.5.2411" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f22a96af749 code=0x7ffc0000
[  172.760478][T10844] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  172.761511][T10842] loop1: detected capacity change from 0 to 1024
[  172.766934][T10844] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  172.784657][   T29] audit: type=1326 audit(1765090719.729:26689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10845 comm="syz.2.2419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  172.822269][T10848] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2420'.
[  172.838286][T10840] loop4: detected capacity change from 0 to 1024
[  172.854984][   T29] audit: type=1326 audit(1765090719.759:26690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10845 comm="syz.2.2419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  172.878918][   T29] audit: type=1326 audit(1765090719.759:26691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10845 comm="syz.2.2419" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  172.880726][T10840] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  172.927485][T10840] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.2417: Invalid block bitmap block 0 in block_group 0
[  172.941321][T10840] Quota error (device loop4): write_blk: dquota write failed
[  172.948760][T10840] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  172.959044][T10840] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.2417: Failed to acquire dquot type 0
[  172.965318][T10858] loop2: detected capacity change from 0 to 1024
[  172.971240][T10840] EXT4-fs error (device loop4): ext4_free_blocks:6728: comm syz.4.2417: Freeing blocks not in datazone - block = 0, count = 4096
[  172.990830][T10840] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.2417: Invalid inode bitmap blk 0 in block_group 0
[  173.003826][T10840] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  173.012936][ T1605] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-7
[  173.022113][ T1605] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:9: Failed to release dquot type 0
[  173.034105][T10858] EXT4-fs: Ignoring removed orlov option
[  173.035529][T10840] EXT4-fs (loop4): 1 orphan inode deleted
[  173.046062][   T29] audit: type=1326 audit(1765090719.999:26692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d414bf749 code=0x7ffc0000
[  173.069874][   T29] audit: type=1326 audit(1765090719.999:26693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10860 comm="syz.1.2424" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d414bf749 code=0x7ffc0000
[  173.174002][T10874] loop5: detected capacity change from 0 to 1024
[  173.180773][T10874] EXT4-fs: Ignoring removed orlov option
[  173.256985][T10882] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  173.278524][T10883] ext4 filesystem being mounted at /474/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  173.616512][T10890] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2433'.
[  174.024178][T10901] xt_hashlimit: size too large, truncated to 1048576
[  174.306962][T10905] EXT4-fs (loop0): failed to initialize system zone (-117)
[  174.314550][T10905] EXT4-fs (loop0): mount failed
[  174.358015][T10915] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  174.392471][T10917] EXT4-fs: Ignoring removed orlov option
[  174.421957][T10922] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  174.442536][T10922] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:483: comm syz.2.2443: Invalid block bitmap block 0 in block_group 0
[  174.456629][T10922] EXT4-fs error (device loop2): ext4_acquire_dquot:6986: comm syz.2.2443: Failed to acquire dquot type 0
[  174.468619][T10922] EXT4-fs error (device loop2): ext4_free_blocks:6728: comm syz.2.2443: Freeing blocks not in datazone - block = 0, count = 4096
[  174.482771][T10922] EXT4-fs error (device loop2): ext4_read_inode_bitmap:139: comm syz.2.2443: Invalid inode bitmap blk 0 in block_group 0
[  174.495803][   T31] EXT4-fs error (device loop2): ext4_release_dquot:7022: comm kworker/u8:1: Failed to release dquot type 0
[  174.496852][T10922] EXT4-fs error (device loop2) in ext4_free_inode:361: Corrupt filesystem
[  174.516430][T10922] EXT4-fs (loop2): 1 orphan inode deleted
[  174.720820][T10939] ext4 filesystem being mounted at /562/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  174.738864][T10947] random: crng reseeded on system resumption
[  174.777896][T10949] EXT4-fs: Ignoring removed orlov option
[  175.343827][T10959] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  175.380303][T10962] xt_hashlimit: size too large, truncated to 1048576
[  175.662748][T10983] set_capacity_and_notify: 6 callbacks suppressed
[  175.662769][T10983] loop4: detected capacity change from 0 to 1024
[  175.668383][T10978] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2463'.
[  175.676206][T10983] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  175.697024][T10983] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.2464: Invalid block bitmap block 0 in block_group 0
[  175.715507][T10983] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.2464: Failed to acquire dquot type 0
[  175.732898][T10983] EXT4-fs error (device loop4): ext4_free_blocks:6728: comm syz.4.2464: Freeing blocks not in datazone - block = 0, count = 4096
[  175.747534][T10983] EXT4-fs error (device loop4): ext4_read_inode_bitmap:139: comm syz.4.2464: Invalid inode bitmap blk 0 in block_group 0
[  175.760690][T10983] EXT4-fs error (device loop4) in ext4_free_inode:361: Corrupt filesystem
[  175.769537][ T3615] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:17: Failed to release dquot type 0
[  175.781784][T10983] EXT4-fs (loop4): 1 orphan inode deleted
[  175.832724][T11004] loop5: detected capacity change from 0 to 1024
[  175.860601][T11009] loop1: detected capacity change from 0 to 512
[  175.876083][T11009] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  175.884232][T11009] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  175.892628][T11009] System zones: 0-1, 15-15, 18-18, 34-34
[  175.894655][T11016] loop5: detected capacity change from 0 to 1024
[  175.898865][T11009] EXT4-fs (loop1): orphan cleanup on readonly fs
[  175.905624][T11016] EXT4-fs: Ignoring removed orlov option
[  175.912166][T11009] EXT4-fs warning (device loop1): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  175.931784][T11009] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  175.938999][T11009] EXT4-fs (loop1): 1 truncate cleaned up
[  176.029155][T11023] loop4: detected capacity change from 0 to 512
[  176.068802][T11023] ext4 filesystem being mounted at /480/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  176.127195][T11027] loop1: detected capacity change from 0 to 512
[  176.136417][T11027] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  176.144368][T11027] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  176.152567][T11027] System zones: 0-1, 15-15, 18-18, 34-34
[  176.158666][T11027] EXT4-fs (loop1): orphan cleanup on readonly fs
[  176.165310][T11027] EXT4-fs warning (device loop1): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  176.180311][T11027] EXT4-fs (loop1): Cannot turn on quotas: error -22
[  176.187458][T11027] EXT4-fs (loop1): 1 truncate cleaned up
[  176.354635][T11033] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2476'.
[  176.576215][T11047] random: crng reseeded on system resumption
[  176.618292][T11053] loop0: detected capacity change from 0 to 512
[  176.647923][T11053] EXT4-fs (loop0): revision level too high, forcing read-only mode
[  176.656101][T11053] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  176.664334][T11053] System zones: 0-1, 15-15, 18-18, 34-34
[  176.675615][T11053] EXT4-fs (loop0): orphan cleanup on readonly fs
[  176.676309][T11058] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2487'.
[  176.682536][T11053] EXT4-fs warning (device loop0): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  176.706772][T11053] EXT4-fs (loop0): Cannot turn on quotas: error -22
[  176.713800][T11053] EXT4-fs (loop0): 1 truncate cleaned up
[  176.824039][T11070] xt_hashlimit: size too large, truncated to 1048576
[  176.928496][T11073] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  176.954062][T11071] loop4: detected capacity change from 0 to 2048
[  176.964869][T11073] syzkaller0: entered promiscuous mode
[  176.970538][T11073] syzkaller0: entered allmulticast mode
[  176.988243][T11072] tipc: Resetting bearer <eth:syzkaller0>
[  176.997259][T11071] EXT4-fs (loop4): failed to initialize system zone (-117)
[  177.004751][T11071] EXT4-fs (loop4): mount failed
[  177.015526][T11072] tipc: Disabling bearer <eth:syzkaller0>
[  177.037960][T11086] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  177.055031][T11085] tipc: Disabling bearer <eth:syzkaller0>
[  177.082287][T11090] random: crng reseeded on system resumption
[  177.102135][T11092] loop4: detected capacity change from 0 to 1024
[  177.119305][T11092] EXT4-fs: Ignoring removed orlov option
[  177.129211][T11094] loop1: detected capacity change from 0 to 1024
[  177.140016][T11094] EXT4-fs: Ignoring removed orlov option
[  177.207634][T11102] random: crng reseeded on system resumption
[  177.657599][T11129] random: crng reseeded on system resumption
[  177.723305][T11136] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2515'.
[  177.814690][   T29] kauditd_printk_skb: 655 callbacks suppressed
[  177.814709][   T29] audit: type=1326 audit(1765090724.759:27340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11137 comm="syz.0.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  177.865180][   T29] audit: type=1326 audit(1765090724.759:27341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11137 comm="syz.0.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  177.881596][T11127] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2511'.
[  177.888911][   T29] audit: type=1326 audit(1765090724.759:27342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11137 comm="syz.0.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  177.921815][   T29] audit: type=1326 audit(1765090724.759:27343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11137 comm="syz.0.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  177.945689][   T29] audit: type=1326 audit(1765090724.759:27344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11137 comm="syz.0.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  177.969540][   T29] audit: type=1326 audit(1765090724.759:27345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11137 comm="syz.0.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  177.993498][   T29] audit: type=1326 audit(1765090724.769:27346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11137 comm="syz.0.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  178.018017][   T29] audit: type=1326 audit(1765090724.769:27347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11137 comm="syz.0.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  178.041625][   T29] audit: type=1326 audit(1765090724.769:27348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11137 comm="syz.0.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  178.065561][   T29] audit: type=1326 audit(1765090724.769:27349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11137 comm="syz.0.2516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  178.126572][T11144] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  178.191837][T11143] tipc: Disabling bearer <eth:syzkaller0>
[  178.437036][T11164] random: crng reseeded on system resumption
[  178.444664][T11166] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2526'.
[  178.466470][T11127] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #2: comm syz.5.2511: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 260(4), depth 0(0)
[  178.490755][T11127] EXT4-fs (loop5): get root inode failed
[  178.496476][T11127] EXT4-fs (loop5): mount failed
[  178.571943][T11180] EXT4-fs: Ignoring removed orlov option
[  178.972062][T11206] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2539'.
[  179.159776][T11212] xt_hashlimit: size too large, truncated to 1048576
[  179.177713][T11214] random: crng reseeded on system resumption
[  179.316593][T11215] EXT4-fs (loop2): failed to initialize system zone (-117)
[  179.324696][T11215] EXT4-fs (loop2): mount failed
[  179.647037][T11249] netlink: 'syz.2.2554': attribute type 3 has an invalid length.
[  179.712994][T11254] random: crng reseeded on system resumption
[  179.818795][T11263] xt_hashlimit: size too large, truncated to 1048576
[  179.853006][T11265] EXT4-fs: Ignoring removed orlov option
[  179.973705][T11126] syz.5.2511 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  179.984986][T11126] CPU: 1 UID: 0 PID: 11126 Comm: syz.5.2511 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  179.985015][T11126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  179.985053][T11126] Call Trace:
[  179.985069][T11126]  <TASK>
[  179.985078][T11126]  __dump_stack+0x1d/0x30
[  179.985105][T11126]  dump_stack_lvl+0xe8/0x140
[  179.985138][T11126]  dump_stack+0x15/0x1b
[  179.985195][T11126]  dump_header+0x81/0x240
[  179.985217][T11126]  oom_kill_process+0x295/0x350
[  179.985244][T11126]  out_of_memory+0x97b/0xb80
[  179.985271][T11126]  try_charge_memcg+0x610/0xa10
[  179.985313][T11126]  charge_memcg+0x51/0xc0
[  179.985443][T11126]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  179.985481][T11126]  __read_swap_cache_async+0x17b/0x2d0
[  179.985671][T11126]  swap_cluster_readahead+0x362/0x3c0
[  179.985708][T11126]  swapin_readahead+0xde/0x820
[  179.985742][T11126]  ? mod_memcg_lruvec_state+0x1a1/0x280
[  179.985813][T11126]  ? __rcu_read_unlock+0x34/0x70
[  179.985832][T11126]  ? __rcu_read_unlock+0x4f/0x70
[  179.985854][T11126]  ? swap_cache_get_folio+0x277/0x280
[  179.985945][T11126]  do_swap_page+0x2b4/0x21e0
[  179.985972][T11126]  ? css_rstat_updated+0xb7/0x240
[  179.985998][T11126]  ? __pfx_default_wake_function+0x10/0x10
[  179.986070][T11126]  handle_mm_fault+0x9d8/0x2c60
[  179.986152][T11126]  do_user_addr_fault+0x630/0x1080
[  179.986179][T11126]  exc_page_fault+0x62/0xa0
[  179.986200][T11126]  asm_exc_page_fault+0x26/0x30
[  179.986235][T11126] RIP: 0033:0x7f22a9571159
[  179.986253][T11126] Code: 00 80 3d 72 6c 39 00 00 48 8b 47 18 48 8b 4f 28 74 1f 48 8b 30 89 f2 83 c6 02 48 8d 04 f0 89 57 04 48 39 c1 0f 92 c0 88 47 48 <c3> 66 0f 1f 44 00 00 8b 10 8d 72 02 89 57 04 48 8d 04 b0 48 39 c1
[  179.986269][T11126] RSP: 002b:00007ffcf1acd3e8 EFLAGS: 00010206
[  179.986285][T11126] RAX: 00007f22a8119000 RBX: 00007f22a9905f40 RCX: 00007f22a8919000
[  179.986326][T11126] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007f22a9905f40
[  179.986338][T11126] RBP: 00007f22a9907da0 R08: 000000000001643c R09: 0000001ef1acd6ef
[  179.986351][T11126] R10: 00007f22a9907cb0 R11: 0000000000000246 R12: 000000000002ba06
[  179.986364][T11126] R13: 00007f22a9905fa0 R14: ffffffffffffffff R15: 00007ffcf1acd510
[  179.986394][T11126]  </TASK>
[  180.201129][T11126] memory: usage 307200kB, limit 307200kB, failcnt 2659
[  180.208119][T11126] memory+swap: usage 307408kB, limit 9007199254740988kB, failcnt 0
[  180.216065][T11126] kmem: usage 301496kB, limit 9007199254740988kB, failcnt 0
[  180.223376][T11126] Memory cgroup stats for /syz5:
[  180.226960][T11267] EXT4-fs (loop2): failed to initialize system zone (-117)
[  180.239308][T11267] EXT4-fs (loop2): mount failed
[  180.283648][T11126] cache 0
[  180.286825][T11126] rss 5836800
[  180.290204][T11126] shmem 0
[  180.293337][T11126] mapped_file 0
[  180.296885][T11126] dirty 0
[  180.299847][T11126] writeback 0
[  180.303226][T11126] workingset_refault_anon 548
[  180.308449][T11126] workingset_refault_file 0
[  180.313032][T11126] swap 212992
[  180.316421][T11126] swapcached 0
[  180.319803][T11126] pgpgin 53769
[  180.323383][T11126] pgpgout 52343
[  180.327098][T11126] pgfault 75690
[  180.330658][T11126] pgmajfault 409
[  180.334210][T11126] inactive_anon 0
[  180.337953][T11126] active_anon 0
[  180.341437][T11126] inactive_file 5840896
[  180.345621][T11126] active_file 0
[  180.349094][T11126] unevictable 0
[  180.352569][T11126] hierarchical_memory_limit 314572800
[  180.357998][T11126] hierarchical_memsw_limit 9223372036854771712
[  180.364165][T11126] total_cache 0
[  180.367794][T11126] total_rss 5836800
[  180.371618][T11126] total_shmem 0
[  180.375207][T11126] total_mapped_file 0
[  180.379222][T11126] total_dirty 0
[  180.382719][T11126] total_writeback 0
[  180.386626][T11126] total_workingset_refault_anon 548
[  180.392213][T11126] total_workingset_refault_file 0
[  180.397427][T11126] total_swap 212992
[  180.401237][T11126] total_swapcached 0
[  180.405162][T11126] total_pgpgin 53769
[  180.409145][T11126] total_pgpgout 52343
[  180.413226][T11126] total_pgfault 75690
[  180.417517][T11126] total_pgmajfault 409
[  180.421688][T11126] total_inactive_anon 0
[  180.425916][T11126] total_active_anon 0
[  180.429909][T11126] total_inactive_file 5840896
[  180.434602][T11126] total_active_file 0
[  180.438619][T11126] total_unevictable 0
[  180.442876][T11126] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.2511,pid=11126,uid=0
[  180.457689][T11126] Memory cgroup out of memory: Killed process 11126 (syz.5.2511) total-vm:96148kB, anon-rss:6896kB, file-rss:22600kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  180.747487][T11290] set_capacity_and_notify: 8 callbacks suppressed
[  180.747504][T11290] loop0: detected capacity change from 0 to 1024
[  180.784003][T11290] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  180.824381][T11290] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:483: comm syz.0.2566: Invalid block bitmap block 0 in block_group 0
[  180.855336][T11290] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.2566: Failed to acquire dquot type 0
[  181.146624][T11290] EXT4-fs error (device loop0): ext4_free_blocks:6728: comm syz.0.2566: Freeing blocks not in datazone - block = 0, count = 4096
[  181.175528][T11290] EXT4-fs error (device loop0): ext4_read_inode_bitmap:139: comm syz.0.2566: Invalid inode bitmap blk 0 in block_group 0
[  181.197095][ T3621] EXT4-fs error (device loop0): ext4_release_dquot:7022: comm kworker/u8:23: Failed to release dquot type 0
[  181.216431][T11290] EXT4-fs error (device loop0) in ext4_free_inode:361: Corrupt filesystem
[  181.233030][T11290] EXT4-fs (loop0): 1 orphan inode deleted
[  181.330077][T11307] random: crng reseeded on system resumption
[  181.421043][T11315] xt_hashlimit: size too large, truncated to 1048576
[  181.473489][T11316] loop0: detected capacity change from 0 to 512
[  181.497334][T11317] loop2: detected capacity change from 0 to 2048
[  181.522292][T11317] EXT4-fs (loop2): failed to initialize system zone (-117)
[  181.529972][T11317] EXT4-fs (loop2): mount failed
[  181.538510][T11316] ext4 filesystem being mounted at /547/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  181.646934][T11324] loop2: detected capacity change from 0 to 1024
[  181.653704][T11324] EXT4-fs: Ignoring removed orlov option
[  182.486370][T11350] loop5: detected capacity change from 0 to 1024
[  182.540189][T11354] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2585'.
[  182.554532][T11356] xt_hashlimit: size too large, truncated to 1048576
[  182.656067][T11358] loop4: detected capacity change from 0 to 2048
[  182.720449][T11358] EXT4-fs (loop4): failed to initialize system zone (-117)
[  182.727942][T11358] EXT4-fs (loop4): mount failed
[  182.820031][   T29] kauditd_printk_skb: 409 callbacks suppressed
[  182.820048][   T29] audit: type=1400 audit(1765090729.769:27756): avc:  denied  { create } for  pid=11369 comm="syz.5.2590" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1
[  182.906874][T11382] loop2: detected capacity change from 0 to 1024
[  182.919504][T11382] EXT4-fs: Ignoring removed orlov option
[  182.952027][T11390] random: crng reseeded on system resumption
[  182.988940][T11394] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2598'.
[  183.174967][T11400] loop5: detected capacity change from 0 to 1024
[  183.196054][T11399] lo speed is unknown, defaulting to 1000
[  183.206723][T11404] xt_hashlimit: size too large, truncated to 1048576
[  183.210816][T11403] loop1: detected capacity change from 0 to 1024
[  183.224516][T11403] EXT4-fs: dax option not supported
[  183.247014][T11403] loop1: detected capacity change from 0 to 512
[  183.372602][T11413] EXT4-fs (loop4): failed to initialize system zone (-117)
[  183.395153][T11403] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.2602: inode has both inline data and extents flags
[  183.416352][T11413] EXT4-fs (loop4): mount failed
[  183.427982][T11403] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.2602: couldn't read orphan inode 15 (err -117)
[  183.445986][   T29] audit: type=1400 audit(1765090730.399:27757): avc:  denied  { mounton } for  pid=11401 comm="syz.1.2602" path="/539/file1/bus" dev="loop1" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  183.515596][ T3330] EXT4-fs warning (device loop1): htree_dirblock_to_tree:1051: inode #2: lblock 0: comm syz-executor: error -5 reading directory block
[  183.561587][   T29] audit: type=1326 audit(1765090730.509:27758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11428 comm="syz.4.2610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec4746f749 code=0x7ffc0000
[  183.601828][ T3621] EXT4-fs error (device loop1): __ext4_get_inode_loc_noinmem:4953: inode #2: block 5: comm kworker/u8:23: unable to read itable block
[  183.606273][   T29] audit: type=1326 audit(1765090730.509:27759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11428 comm="syz.4.2610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7fec4746f749 code=0x7ffc0000
[  183.617190][ T3621] Buffer I/O error on dev loop1, logical block 1, lost sync page write
[  183.639576][   T29] audit: type=1326 audit(1765090730.509:27760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11428 comm="syz.4.2610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fec4746f749 code=0x7ffc0000
[  183.678955][T11434] random: crng reseeded on system resumption
[  183.690695][ T3621] EXT4-fs (loop1): I/O error while writing superblock
[  183.710436][ T8895] Buffer I/O error on dev loop1, logical block 1, lost sync page write
[  183.720061][T11436] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2614'.
[  183.740635][ T8895] EXT4-fs (loop1): I/O error while writing superblock
[  183.776792][T11440] xt_hashlimit: size too large, truncated to 1048576
[  183.849493][T11445] EXT4-fs: Ignoring removed nomblk_io_submit option
[  183.963794][T11454] Driver unsupported XDP return value 0 on prog  (id 1195) dev N/A, expect packet loss!
[  183.975421][T11454] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2619'.
[  183.985169][   T29] audit: type=1326 audit(1765090730.909:27761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11453 comm="syz.2.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  184.008958][   T29] audit: type=1326 audit(1765090730.909:27762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11453 comm="syz.2.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  184.032822][   T29] audit: type=1326 audit(1765090730.909:27763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11453 comm="syz.2.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  184.056755][   T29] audit: type=1326 audit(1765090730.909:27764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11453 comm="syz.2.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  184.080739][   T29] audit: type=1326 audit(1765090730.909:27765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11453 comm="syz.2.2619" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6be8c9f749 code=0x7ffc0000
[  184.114239][T11451] EXT4-fs (loop5): failed to initialize system zone (-117)
[  184.222893][T11451] EXT4-fs (loop5): mount failed
[  184.306760][T11468] netlink: 332 bytes leftover after parsing attributes in process `syz.5.2621'.
[  184.340666][T11455] lo speed is unknown, defaulting to 1000
[  184.344159][T11468] FAULT_INJECTION: forcing a failure.
[  184.344159][T11468] name failslab, interval 1, probability 0, space 0, times 0
[  184.359605][T11468] CPU: 0 UID: 0 PID: 11468 Comm: syz.5.2621 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  184.359773][T11468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  184.359787][T11468] Call Trace:
[  184.359795][T11468]  <TASK>
[  184.359803][T11468]  __dump_stack+0x1d/0x30
[  184.359905][T11468]  dump_stack_lvl+0xe8/0x140
[  184.359930][T11468]  dump_stack+0x15/0x1b
[  184.359951][T11468]  should_fail_ex+0x265/0x280
[  184.360018][T11468]  should_failslab+0x8c/0xb0
[  184.360038][T11468]  __kmalloc_cache_noprof+0x65/0x4c0
[  184.360123][T11468]  ? netlbl_cipsov4_add+0x351/0x1280
[  184.360147][T11468]  netlbl_cipsov4_add+0x351/0x1280
[  184.360164][T11468]  ? genl_family_rcv_msg_attrs_parse+0x13b/0x190
[  184.360202][T11468]  ? genl_family_rcv_msg_attrs_parse+0x184/0x190
[  184.360279][T11468]  genl_family_rcv_msg_doit+0x143/0x1b0
[  184.360311][T11468]  genl_rcv_msg+0x422/0x460
[  184.360393][T11468]  ? __pfx_netlbl_cipsov4_add+0x10/0x10
[  184.360423][T11468]  netlink_rcv_skb+0x123/0x220
[  184.360530][T11468]  ? __pfx_genl_rcv_msg+0x10/0x10
[  184.360586][T11468]  genl_rcv+0x28/0x40
[  184.360617][T11468]  netlink_unicast+0x5c0/0x690
[  184.360651][T11468]  netlink_sendmsg+0x58b/0x6b0
[  184.360675][T11468]  ? __pfx_netlink_sendmsg+0x10/0x10
[  184.360800][T11468]  __sock_sendmsg+0x145/0x180
[  184.360828][T11468]  ____sys_sendmsg+0x31e/0x4a0
[  184.360856][T11468]  ___sys_sendmsg+0x17b/0x1d0
[  184.360900][T11468]  __x64_sys_sendmsg+0xd4/0x160
[  184.360930][T11468]  x64_sys_call+0x17ba/0x3000
[  184.360951][T11468]  do_syscall_64+0xd8/0x2a0
[  184.360985][T11468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  184.361130][T11468] RIP: 0033:0x7f22a96af749
[  184.361197][T11468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  184.361301][T11468] RSP: 002b:00007f22a8117038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  184.361320][T11468] RAX: ffffffffffffffda RBX: 00007f22a9905fa0 RCX: 00007f22a96af749
[  184.361336][T11468] RDX: 000000000004c000 RSI: 00002000000001c0 RDI: 0000000000000004
[  184.361351][T11468] RBP: 00007f22a8117090 R08: 0000000000000000 R09: 0000000000000000
[  184.361442][T11468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  184.361465][T11468] R13: 00007f22a9906038 R14: 00007f22a9905fa0 R15: 00007ffcf1acd298
[  184.361508][T11468]  </TASK>
[  184.665466][T11478] EXT4-fs: Ignoring removed orlov option
[  184.672169][T11481] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2627'.
[  184.774555][T11455] chnl_net:caif_netlink_parms(): no params data found
[  184.851381][T11455] bridge0: port 1(bridge_slave_0) entered blocking state
[  184.858720][T11455] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.866088][T11455] bridge_slave_0: entered allmulticast mode
[  184.872739][T11455] bridge_slave_0: entered promiscuous mode
[  184.880007][T11455] bridge0: port 2(bridge_slave_1) entered blocking state
[  184.887146][T11455] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.894762][T11455] bridge_slave_1: entered allmulticast mode
[  184.901439][T11455] bridge_slave_1: entered promiscuous mode
[  184.921117][T11455] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  184.932415][T11455] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  184.945197][T11503] xt_hashlimit: size too large, truncated to 1048576
[  184.961029][T11455] team0: Port device team_slave_0 added
[  184.968028][T11455] team0: Port device team_slave_1 added
[  185.104320][T11505] EXT4-fs (loop4): failed to initialize system zone (-117)
[  185.112838][T11505] EXT4-fs (loop4): mount failed
[  185.119282][T11455] batman_adv: batadv0: Adding interface: batadv_slave_0
[  185.119445][T11510] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2631'.
[  185.126535][T11455] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  185.161476][T11455] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  185.261486][T11455] batman_adv: batadv0: Adding interface: batadv_slave_1
[  185.268577][T11455] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  185.294623][T11455] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  185.384550][T11455] hsr_slave_0: entered promiscuous mode
[  185.399101][T11455] hsr_slave_1: entered promiscuous mode
[  185.451060][T11455] debugfs: 'hsr0' already exists in 'hsr'
[  185.456881][T11455] Cannot create hsr debugfs directory
[  185.524874][T11521] random: crng reseeded on system resumption
[  185.647644][T11455] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  185.664714][T11455] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  185.674731][T11455] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  185.683190][T11528] syz.4.2639: attempt to access beyond end of device
[  185.683190][T11528] loop4: rw=524288, sector=263328, nr_sectors = 4 limit=164
[  185.699121][T11455] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  185.699288][T11514] netlink: 14 bytes leftover after parsing attributes in process `syz.5.2634'.
[  185.706175][T11528] syz.4.2639: attempt to access beyond end of device
[  185.706175][T11528] loop4: rw=0, sector=263328, nr_sectors = 4 limit=164
[  185.771064][T11536] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2640'.
[  185.826749][T11455] 8021q: adding VLAN 0 to HW filter on device bond0
[  185.866504][T11540] set_capacity_and_notify: 9 callbacks suppressed
[  185.866532][T11540] loop2: detected capacity change from 0 to 1024
[  185.883261][T11455] 8021q: adding VLAN 0 to HW filter on device team0
[  185.890086][T11541] loop5: detected capacity change from 0 to 2048
[  185.899534][ T3621] bridge0: port 1(bridge_slave_0) entered blocking state
[  185.906627][ T3621] bridge0: port 1(bridge_slave_0) entered forwarding state
[  185.930257][T11543] loop4: detected capacity change from 0 to 512
[  185.941874][T11541] EXT4-fs error (device loop5): ext4_ext_check_inode:523: inode #2: comm syz.5.2634: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 260(4), depth 0(0)
[  185.960612][ T3621] bridge0: port 2(bridge_slave_1) entered blocking state
[  185.967849][ T3621] bridge0: port 2(bridge_slave_1) entered forwarding state
[  185.968298][T11541] EXT4-fs (loop5): get root inode failed
[  185.980973][T11541] EXT4-fs (loop5): mount failed
[  186.003637][T11543] ext4 filesystem being mounted at /515/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  186.027496][T11552] xt_hashlimit: size too large, truncated to 1048576
[  186.062108][T11543] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  186.136809][T11554] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2643'.
[  186.146111][T11554] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2643'.
[  186.273718][T11560] loop2: detected capacity change from 0 to 2048
[  186.297057][T11566] loop4: detected capacity change from 0 to 1024
[  186.304147][T11566] EXT4-fs: Ignoring removed orlov option
[  186.311727][T11560] EXT4-fs (loop2): failed to initialize system zone (-117)
[  186.320382][T11455] 8021q: adding VLAN 0 to HW filter on device batadv0
[  186.417808][T11560] EXT4-fs (loop2): mount failed
[  186.497112][T11590] random: crng reseeded on system resumption
[  186.562270][T11455] veth0_vlan: entered promiscuous mode
[  186.588612][T11455] veth1_vlan: entered promiscuous mode
[  186.608802][T11455] veth0_macvtap: entered promiscuous mode
[  186.624140][T11455] veth1_macvtap: entered promiscuous mode
[  186.643414][T11455] batman_adv: batadv0: Interface activated: batadv_slave_0
[  186.656937][T11455] batman_adv: batadv0: Interface activated: batadv_slave_1
[  186.669441][   T53] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  186.727200][   T53] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  186.738595][   T53] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  186.747552][   T53] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  186.776969][T11605] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  186.783540][T11605] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  186.868629][T11607] loop6: detected capacity change from 0 to 1024
[  186.915650][T11611] netlink: 332 bytes leftover after parsing attributes in process `syz.6.2655'.
[  186.931673][T11611] netlink: 160 bytes leftover after parsing attributes in process `syz.6.2655'.
[  187.161748][T11620] xt_hashlimit: size too large, truncated to 1048576
[  187.198245][T11623] random: crng reseeded on system resumption
[  187.228612][T11624] loop6: detected capacity change from 0 to 2048
[  187.288353][T11624] EXT4-fs (loop6): failed to initialize system zone (-117)
[  187.300034][T11624] EXT4-fs (loop6): mount failed
[  187.318638][T11628] loop4: detected capacity change from 0 to 512
[  187.367430][T11628] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  187.375729][T11628] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  187.391514][T11628] System zones: 0-1, 15-15, 18-18, 34-34
[  187.476339][T11628] EXT4-fs (loop4): orphan cleanup on readonly fs
[  187.482988][T11628] EXT4-fs warning (device loop4): ext4_enable_quotas:7221: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  187.497837][T11628] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  187.525092][T11637] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  187.531674][T11637] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  187.553923][T11628] EXT4-fs (loop4): 1 truncate cleaned up
[  187.581769][T11641] loop6: detected capacity change from 0 to 1024
[  187.789604][T11653] loop6: detected capacity change from 0 to 1024
[  187.796465][T11653] EXT4-fs: Ignoring removed orlov option
[  187.844558][T11660] random: crng reseeded on system resumption
[  187.858492][T11662] xt_hashlimit: size too large, truncated to 1048576
[  188.244651][T11513] syz.5.2634 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  188.255886][T11513] CPU: 1 UID: 0 PID: 11513 Comm: syz.5.2634 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  188.255914][T11513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  188.255928][T11513] Call Trace:
[  188.255937][T11513]  <TASK>
[  188.255947][T11513]  __dump_stack+0x1d/0x30
[  188.255976][T11513]  dump_stack_lvl+0xe8/0x140
[  188.256080][T11513]  dump_stack+0x15/0x1b
[  188.256103][T11513]  dump_header+0x81/0x240
[  188.256122][T11513]  oom_kill_process+0x295/0x350
[  188.256143][T11513]  out_of_memory+0x97b/0xb80
[  188.256220][T11513]  ? __cond_resched+0x4e/0x90
[  188.256243][T11513]  try_charge_memcg+0x610/0xa10
[  188.256284][T11513]  charge_memcg+0x51/0xc0
[  188.256388][T11513]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  188.256494][T11513]  __read_swap_cache_async+0x17b/0x2d0
[  188.256581][T11513]  swap_cluster_readahead+0x262/0x3c0
[  188.256618][T11513]  swapin_readahead+0xde/0x820
[  188.256647][T11513]  ? tracing_record_taskinfo_sched_switch+0x71/0x260
[  188.256719][T11513]  ? css_rstat_updated+0xb7/0x240
[  188.256740][T11513]  ? __account_obj_stock+0x211/0x350
[  188.256817][T11513]  ? __rcu_read_unlock+0x4f/0x70
[  188.256843][T11513]  ? swap_cache_get_folio+0x277/0x280
[  188.256884][T11513]  do_swap_page+0x2b4/0x21e0
[  188.256913][T11513]  ? __slab_free+0x104/0x2a0
[  188.256947][T11513]  ? refill_obj_stock+0x254/0x2e0
[  188.257011][T11513]  ? __slab_free+0x104/0x2a0
[  188.257115][T11513]  ? __pfx_default_wake_function+0x10/0x10
[  188.257148][T11513]  handle_mm_fault+0x9d8/0x2c60
[  188.257273][T11513]  do_user_addr_fault+0x630/0x1080
[  188.257304][T11513]  exc_page_fault+0x62/0xa0
[  188.257388][T11513]  asm_exc_page_fault+0x26/0x30
[  188.257409][T11513] RIP: 0033:0x7f22a96af751
[  188.257427][T11513] Code: 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 <c3> 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f
[  188.257450][T11513] RSP: 002b:00007ffcf1acd3f8 EFLAGS: 00010217
[  188.257466][T11513] RAX: 0000000000000000 RBX: 00007f22a9907da0 RCX: 00007f22a96af749
[  188.257479][T11513] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  188.257491][T11513] RBP: 00007f22a9907da0 R08: 000000000001430c R09: 0000001ef1acd6ef
[  188.257507][T11513] R10: 00007f22a9907cb0 R11: 0000000000000246 R12: 000000000002d793
[  188.257521][T11513] R13: 00007f22a9906090 R14: ffffffffffffffff R15: 00007ffcf1acd510
[  188.257541][T11513]  </TASK>
[  188.257550][T11513] memory: usage 307200kB, limit 307200kB, failcnt 3017
[  188.502544][T11513] memory+swap: usage 307404kB, limit 9007199254740988kB, failcnt 0
[  188.510517][T11513] kmem: usage 295712kB, limit 9007199254740988kB, failcnt 0
[  188.518159][T11513] Memory cgroup stats for /syz5:
[  188.519288][T11513] cache 0
[  188.527398][T11513] rss 11759616
[  188.530791][T11513] shmem 0
[  188.533736][T11513] mapped_file 0
[  188.537265][T11513] dirty 0
[  188.540221][T11513] writeback 0
[  188.543607][T11513] workingset_refault_anon 614
[  188.548420][T11513] workingset_refault_file 0
[  188.552935][T11513] swap 208896
[  188.556273][T11513] swapcached 4096
[  188.559927][T11513] pgpgin 58082
[  188.563474][T11513] pgpgout 55210
[  188.567009][T11513] pgfault 80884
[  188.570549][T11513] pgmajfault 434
[  188.574110][T11513] inactive_anon 4096
[  188.578060][T11513] active_anon 0
[  188.581524][T11513] inactive_file 11755520
[  188.585810][T11513] active_file 0
[  188.589278][T11513] unevictable 0
[  188.592803][T11513] hierarchical_memory_limit 314572800
[  188.598293][T11513] hierarchical_memsw_limit 9223372036854771712
[  188.604455][T11513] total_cache 0
[  188.607949][T11513] total_rss 11759616
[  188.611941][T11513] total_shmem 0
[  188.615490][T11513] total_mapped_file 0
[  188.619602][T11513] total_dirty 0
[  188.623071][T11513] total_writeback 0
[  188.626971][T11513] total_workingset_refault_anon 614
[  188.632665][T11513] total_workingset_refault_file 0
[  188.637829][T11513] total_swap 208896
[  188.641696][T11513] total_swapcached 4096
[  188.646032][T11513] total_pgpgin 58082
[  188.649970][T11513] total_pgpgout 55210
[  188.653965][T11513] total_pgfault 80884
[  188.658174][T11513] total_pgmajfault 434
[  188.662496][T11513] total_inactive_anon 4096
[  188.666982][T11513] total_active_anon 0
[  188.670969][T11513] total_inactive_file 11755520
[  188.675821][T11513] total_active_file 0
[  188.679864][T11513] total_unevictable 0
[  188.683963][T11513] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz5,task_memcg=/syz5,task=syz.5.2634,pid=11513,uid=0
[  188.698805][T11513] Memory cgroup out of memory: Killed process 11513 (syz.5.2634) total-vm:96148kB, anon-rss:12656kB, file-rss:22444kB, shmem-rss:0kB, UID:0 pgtables:148kB oom_score_adj:1000
[  188.826561][T11702] random: crng reseeded on system resumption
[  188.854451][T11704] IPv6: NLM_F_CREATE should be specified when creating new route
[  188.892761][T11711] xt_hashlimit: size too large, truncated to 1048576
[  189.013562][T11715] EXT4-fs (loop6): failed to initialize system zone (-117)
[  189.058197][T11715] EXT4-fs (loop6): mount failed
[  189.148930][T11720] EXT4-fs mount: 94 callbacks suppressed
[  189.149002][T11720] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  189.254852][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  189.400817][T11726] lo speed is unknown, defaulting to 1000
[  189.606306][T11726] chnl_net:caif_netlink_parms(): no params data found
[  189.617239][   T29] kauditd_printk_skb: 270 callbacks suppressed
[  189.617255][   T29] audit: type=1326 audit(1765090736.569:28035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11759 comm="syz.0.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  189.665255][   T29] audit: type=1326 audit(1765090736.599:28036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11759 comm="syz.0.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  189.689048][   T29] audit: type=1326 audit(1765090736.599:28037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11759 comm="syz.0.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  189.712626][   T29] audit: type=1326 audit(1765090736.599:28038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11759 comm="syz.0.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  189.736641][   T29] audit: type=1326 audit(1765090736.599:28039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11759 comm="syz.0.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  189.760361][   T29] audit: type=1326 audit(1765090736.599:28040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11759 comm="syz.0.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  189.784133][   T29] audit: type=1326 audit(1765090736.599:28041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11759 comm="syz.0.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  189.807948][   T29] audit: type=1326 audit(1765090736.599:28042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11759 comm="syz.0.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  189.831708][   T29] audit: type=1326 audit(1765090736.599:28043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11759 comm="syz.0.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  189.855580][   T29] audit: type=1326 audit(1765090736.599:28044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11759 comm="syz.0.2703" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb649f5f749 code=0x7ffc0000
[  189.941522][T11726] bridge0: port 1(bridge_slave_0) entered blocking state
[  189.948809][T11726] bridge0: port 1(bridge_slave_0) entered disabled state
[  189.959745][T11768] __nla_validate_parse: 1 callbacks suppressed
[  189.959764][T11768] netlink: 14 bytes leftover after parsing attributes in process `syz.0.2705'.
[  189.967807][T11726] bridge_slave_0: entered allmulticast mode
[  189.999605][T11726] bridge_slave_0: entered promiscuous mode
[  190.034899][T11726] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.042246][T11726] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.061270][T11726] bridge_slave_1: entered allmulticast mode
[  190.068760][T11726] bridge_slave_1: entered promiscuous mode
[  190.111058][T11726] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  190.122255][T11726] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  190.158399][T11726] team0: Port device team_slave_0 added
[  190.167900][T11726] team0: Port device team_slave_1 added
[  190.185867][T11726] batman_adv: batadv0: Adding interface: batadv_slave_0
[  190.193010][T11726] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  190.219098][T11726] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  190.236767][T11726] batman_adv: batadv0: Adding interface: batadv_slave_1
[  190.243788][T11726] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  190.269935][T11726] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  190.285570][T11775] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.312325][T11726] hsr_slave_0: entered promiscuous mode
[  190.318712][T11726] hsr_slave_1: entered promiscuous mode
[  190.334935][T11726] debugfs: 'hsr0' already exists in 'hsr'
[  190.340875][T11726] Cannot create hsr debugfs directory
[  190.351523][T11784] EXT4-fs: Ignoring removed mblk_io_submit option
[  190.395363][T11784] EXT4-fs (loop6): revision level too high, forcing read-only mode
[  190.403415][T11784] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042e018, mo2=0002]
[  190.431465][ T5146] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.441322][T11784] System zones: 0-1, 15-15, 18-18, 34-34
[  190.455264][T11784] EXT4-fs (loop6): orphan cleanup on readonly fs
[  190.470699][T11784] EXT4-fs error (device loop6): ext4_validate_block_bitmap:432: comm syz.6.2710: bg 0: block 15: invalid block bitmap
[  190.483831][ T3614] bridge_slave_1: left allmulticast mode
[  190.489558][ T3614] bridge_slave_1: left promiscuous mode
[  190.495292][ T3614] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.502694][T11784] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  190.516246][ T3614] bridge_slave_0: left promiscuous mode
[  190.522083][ T3614] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.539490][T11784] EXT4-fs (loop6): 1 truncate cleaned up
[  190.554212][T11794] EXT4-fs: Ignoring removed orlov option
[  190.570141][T11784] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  190.595133][T11794] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.620270][ T3614] team0: Port device bridge1 removed
[  190.674884][T11798] random: crng reseeded on system resumption
[  190.694892][ T3321] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.707700][ T3614] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  190.753235][ T3614] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  190.765650][ T3614] bond0 (unregistering): Released all slaves
[  190.787549][ T3614] team0: Port device macvlan4 removed
[  190.796134][ T3614] bond1 (unregistering): Released all slaves
[  190.842972][T11455] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.918044][ T3614] tipc: Disabling bearer <udp:s>
[  190.923085][ T3614] tipc: Left network mode
[  190.966715][ T3614] hsr_slave_0: left promiscuous mode
[  190.977264][ T3614] hsr_slave_1: left promiscuous mode
[  190.983717][ T3614] batman_adv: batadv0: Removing interface: batadv_slave_0
[  190.992364][ T3614] batman_adv: batadv0: Removing interface: batadv_slave_1
[  191.001950][ T3614] batman_adv: batadv0: Removing interface: vlan2
[  191.030096][T11832] random: crng reseeded on system resumption
[  191.111638][ T3614] team0 (unregistering): Port device team_slave_1 removed
[  191.140183][ T3614] team0 (unregistering): Port device C removed
[  191.152741][ T3621] smc: removing ib device !yz!
[  191.213224][T11853] set_capacity_and_notify: 5 callbacks suppressed
[  191.213241][T11853] loop5: detected capacity change from 0 to 1024
[  191.286668][T11853] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.309526][T11726] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  191.337672][T11726] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  191.347167][T11726] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  191.366998][T11726] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  191.417011][ T5146] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.477492][T11726] 8021q: adding VLAN 0 to HW filter on device bond0
[  191.504343][T11726] 8021q: adding VLAN 0 to HW filter on device team0
[  191.529191][ T3621] bridge0: port 1(bridge_slave_0) entered blocking state
[  191.536422][ T3621] bridge0: port 1(bridge_slave_0) entered forwarding state
[  191.551197][ T3621] bridge0: port 2(bridge_slave_1) entered blocking state
[  191.558500][ T3621] bridge0: port 2(bridge_slave_1) entered forwarding state
[  191.575986][T11726] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  191.586633][T11726] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  191.667505][T11726] 8021q: adding VLAN 0 to HW filter on device batadv0
[  191.712333][T11897] loop5: detected capacity change from 0 to 1024
[  191.760292][T11897] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  191.767844][T11911] loop4: detected capacity change from 0 to 512
[  191.790744][ T5146] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.800068][T11911] EXT4-fs: Ignoring removed mblk_io_submit option
[  191.817301][T11911] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  191.825269][T11911] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042e018, mo2=0002]
[  191.840217][T11726] veth0_vlan: entered promiscuous mode
[  191.850273][T11726] veth1_vlan: entered promiscuous mode
[  191.862386][T11911] System zones: 0-1, 15-15, 18-18, 34-34
[  191.869605][T11726] veth0_macvtap: entered promiscuous mode
[  191.877144][T11726] veth1_macvtap: entered promiscuous mode
[  191.883883][T11911] EXT4-fs (loop4): orphan cleanup on readonly fs
[  191.894118][T11726] batman_adv: batadv0: Interface activated: batadv_slave_0
[  191.904721][T11911] EXT4-fs error (device loop4): ext4_validate_block_bitmap:432: comm syz.4.2752: bg 0: block 15: invalid block bitmap
[  191.918914][T11726] batman_adv: batadv0: Interface activated: batadv_slave_1
[  191.927633][T11911] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6689: Corrupt filesystem
[  191.938910][ T3621] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  191.961914][ T3621] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  191.962860][T11911] EXT4-fs (loop4): 1 truncate cleaned up
[  191.996571][ T3621] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  192.027606][ T3621] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  192.030200][T11911] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  192.216329][ T5718] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.415162][ T3622] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.487780][ T3622] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.528102][ T3622] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.587792][ T3622] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.637289][ T3622] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.666316][ T3622] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.706302][ T3622] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.786226][ T3622] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  192.837998][ T3622] bridge_slave_1: left allmulticast mode
[  192.843670][ T3622] bridge_slave_1: left promiscuous mode
[  192.849444][ T3622] bridge0: port 2(bridge_slave_1) entered disabled state
[  192.857854][ T3622] bridge_slave_0: left allmulticast mode
[  192.863515][ T3622] bridge_slave_0: left promiscuous mode
[  192.869398][ T3622] bridge0: port 1(bridge_slave_0) entered disabled state
[  192.947700][ T3622] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  192.957912][ T3622] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  192.967415][ T3622] bond0 (unregistering): Released all slaves
[  192.987670][ T3622] team0: Port device geneve1 removed
[  193.026568][ T3622] team0: Port device bridge2 removed
[  193.086769][ T3622] bond0 (unregistering): Released all slaves
[  193.094715][ T3622] bond1 (unregistering): Released all slaves
[  193.147876][ T3622] tipc: Left network mode
[  193.156173][ T3622] hsr_slave_0: left promiscuous mode
[  193.161847][ T3622] hsr_slave_1: left promiscuous mode
[  193.167650][ T3622] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  193.175207][ T3622] batman_adv: batadv0: Removing interface: batadv_slave_0
[  193.183730][ T3622] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  193.191226][ T3622] batman_adv: batadv0: Removing interface: batadv_slave_1
[  193.200478][ T3622] hsr_slave_0: left promiscuous mode
[  193.206315][ T3622] hsr_slave_1: left promiscuous mode
[  193.214479][ T3622] veth1_macvtap: left promiscuous mode
[  193.220065][ T3622] veth0_macvtap: left promiscuous mode
[  193.225782][ T3622] veth1_vlan: left promiscuous mode
[  193.231170][ T3622] veth0_vlan: left promiscuous mode
[  193.290791][ T3622] team0 (unregistering): Port device team_slave_1 removed
[  193.302867][ T3622] team0 (unregistering): Port device team_slave_0 removed
[  193.939604][ T3622] IPVS: stop unused estimator thread 0...
[  194.010448][ T3622] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.098463][ T3622] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.167460][ T3622] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.237761][ T3622] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.309011][ T3622] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.347739][ T3622] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.417810][ T3622] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.476612][ T3622] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.528592][ T3622] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.567472][ T3622] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.607807][ T3622] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.647867][ T3622] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.717261][ T3622] bridge_slave_1: left allmulticast mode
[  195.722936][ T3622] bridge_slave_1: left promiscuous mode
[  195.728765][ T3622] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.736733][ T3622] bridge_slave_0: left allmulticast mode
[  195.742440][ T3622] bridge_slave_0: left promiscuous mode
[  195.748075][ T3622] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.756779][ T3622] bond2: left allmulticast mode
[  195.761808][ T3622] bond2: left promiscuous mode
[  195.766791][ T3622] bridge0: port 3(bond2) entered disabled state
[  195.773990][ T3622] bridge_slave_1: left allmulticast mode
[  195.779785][ T3622] bridge_slave_1: left promiscuous mode
[  195.785562][ T3622] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.793252][ T3622] bridge_slave_0: left allmulticast mode
[  195.798938][ T3622] bridge_slave_0: left promiscuous mode
[  195.804572][ T3622] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.927942][ T3622] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  195.937924][ T3622] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  195.947252][ T3622] bond0 (unregistering): Released all slaves
[  196.047556][ T3622] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  196.057570][ T3622] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  196.067178][ T3622] bond0 (unregistering): (slave dummy0): Releasing backup interface
[  196.076429][ T3622] bond0 (unregistering): Released all slaves
[  196.085588][ T3622] bond1 (unregistering): (slave wireguard0): Releasing backup interface
[  196.094085][ T3622] wireguard0: left promiscuous mode
[  196.100015][ T3622] bond1 (unregistering): Released all slaves
[  196.108147][ T3622] bond2 (unregistering): Released all slaves
[  196.129752][ T3622] team0: Port device bridge1 removed
[  196.196881][ T3622] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  196.206726][ T3622] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  196.216531][ T3622] bond0 (unregistering): Released all slaves
[  196.259779][ T3622] tipc: Left network mode
[  196.264673][ T3622] tipc: Left network mode
[  196.273409][ T3622] hsr_slave_0: left promiscuous mode
[  196.279259][ T3622] hsr_slave_1: left promiscuous mode
[  196.284854][ T3622] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  196.292541][ T3622] batman_adv: batadv0: Removing interface: batadv_slave_0
[  196.300782][ T3622] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  196.308210][ T3622] batman_adv: batadv0: Removing interface: batadv_slave_1
[  196.317730][ T3622] hsr_slave_0: left promiscuous mode
[  196.323466][ T3622] hsr_slave_1: left promiscuous mode
[  196.329142][ T3622] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  196.336531][ T3622] batman_adv: batadv0: Removing interface: batadv_slave_0
[  196.344027][ T3622] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  196.351534][ T3622] batman_adv: batadv0: Removing interface: batadv_slave_1
[  196.360488][ T3622] hsr_slave_0: left promiscuous mode
[  196.366314][ T3622] hsr_slave_1: left promiscuous mode
[  196.372070][ T3622] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  196.379652][ T3622] batman_adv: batadv0: Removing interface: batadv_slave_0
[  196.387137][ T3622] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  196.394593][ T3622] batman_adv: batadv0: Removing interface: batadv_slave_1
[  196.406881][ T3622] veth1_macvtap: left promiscuous mode
[  196.412571][ T3622] veth0_macvtap: left promiscuous mode
[  196.418097][ T3622] veth1_vlan: left promiscuous mode
[  196.423376][ T3622] veth0_vlan: left promiscuous mode
[  196.429082][ T3622] veth1_macvtap: left promiscuous mode
[  196.434534][ T3622] veth0_macvtap: left promiscuous mode
[  196.440357][ T3622] veth1_vlan: left promiscuous mode
[  196.445953][ T3622] veth0_vlan: left promiscuous mode
[  196.451736][ T3622] veth1_macvtap: left promiscuous mode
[  196.457305][ T3622] veth0_macvtap: left promiscuous mode
[  196.462783][ T3622] veth1_vlan: left promiscuous mode
[  196.468117][ T3622] veth0_vlan: left promiscuous mode
[  196.584153][ T3622] team0 (unregistering): Port device team_slave_1 removed
[  196.594126][ T3622] team0 (unregistering): Port device team_slave_0 removed
[  196.688839][ T3622] team0 (unregistering): Port device team_slave_1 removed
[  196.707074][ T3622] team0 (unregistering): Port device team_slave_0 removed
[  196.737546][ T4918] infiniband syz1: ib_query_port failed (-19)
[  197.429782][ T3622] IPVS: stop unused estimator thread 0...
[  198.215447][ T4906] ==================================================================
[  198.223553][ T4906] BUG: KCSAN: data-race in __filemap_add_folio / nr_blockdev_pages
[  198.231439][ T4906] 
[  198.233845][ T4906] read-write to 0xffff8881005f5cf8 of 8 bytes by task 2972 on cpu 0:
[  198.242263][ T4906]  __filemap_add_folio+0x5b9/0x7d0
[  198.247382][ T4906]  filemap_add_folio+0x1d9/0x360
[  198.252401][ T4906]  __filemap_get_folio_mpol+0x326/0x650
[  198.257945][ T4906]  bdev_getblk+0x174/0x3f0
[  198.262364][ T4906]  jbd2_journal_get_descriptor_buffer+0xce/0x210
[  198.268792][ T4906]  jbd2_journal_write_revoke_records+0x2f5/0x630
[  198.275126][ T4906]  jbd2_journal_commit_transaction+0x975/0x3150
[  198.281464][ T4906]  kjournald2+0x211/0x3d0
[  198.285794][ T4906]  kthread+0x489/0x510
[  198.289989][ T4906]  ret_from_fork+0x149/0x290
[  198.294842][ T4906]  ret_from_fork_asm+0x1a/0x30
[  198.299614][ T4906] 
[  198.301937][ T4906] read to 0xffff8881005f5cf8 of 8 bytes by task 4906 on cpu 1:
[  198.309482][ T4906]  nr_blockdev_pages+0x7e/0xd0
[  198.314341][ T4906]  si_meminfo+0x87/0xd0
[  198.318503][ T4906]  update_defense_level+0x47/0x5c0
[  198.323689][ T4906]  defense_work_handler+0x1f/0x80
[  198.328780][ T4906]  process_scheduled_works+0x4ce/0x9d0
[  198.334238][ T4906]  worker_thread+0x582/0x770
[  198.338827][ T4906]  kthread+0x489/0x510
[  198.342893][ T4906]  ret_from_fork+0x149/0x290
[  198.347565][ T4906]  ret_from_fork_asm+0x1a/0x30
[  198.352345][ T4906] 
[  198.354662][ T4906] value changed: 0x00000000000002c3 -> 0x00000000000002c4
[  198.361847][ T4906] 
[  198.364177][ T4906] Reported by Kernel Concurrency Sanitizer on:
[  198.370400][ T4906] CPU: 1 UID: 0 PID: 4906 Comm: kworker/1:10 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  198.380307][ T4906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  198.390528][ T4906] Workqueue: events_long defense_work_handler
[  198.396594][ T4906] ==================================================================