last executing test programs:

5m12.873898963s ago: executing program 0 (id=1203):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='mm_migrate_pages_start\x00', r0, 0x0, 0x4}, 0x18)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000300)='kfree\x00', r3}, 0x18)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000040)={0x0, 0x310000, 0x1000, 0x101, 0x2}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000740), 0x1}, 0x38)
setxattr$trusted_overlay_upper(0x0, 0x0, 0x0, 0x835, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r6}, 0x18)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000f, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x3000)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
getsockopt$XDP_STATISTICS(r4, 0x11b, 0x7, &(0x7f0000000200), &(0x7f0000000340)=0x30)
sendmsg$nl_route_sched(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x25dfdbfb, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x10, 0xd62}, @TCA_CT_PARMS={0x18, 0x1, {0x0, 0x20, 0x3}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='mm_migrate_pages_start\x00', r8, 0x0, 0x4}, 0x18)

5m11.545086136s ago: executing program 0 (id=1211):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
bind$can_j1939(r0, &(0x7f0000000340)={0x1d, 0x0, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x100, 0x6}, 0x4)
setsockopt$packet_fanout_data(0xffffffffffffffff, 0x107, 0x16, &(0x7f0000000100)={0x0, 0x0}, 0x10)
syz_mount_image$vfat(&(0x7f0000000180), &(0x7f0000000240)='./file0\x00', 0xcc808, &(0x7f0000000000)=ANY=[], 0x1, 0x1be, &(0x7f00000007c0)="$eJzs3UFLFGEYB/D/2rqpHdZDp+gwx06ifgIlDKKFoPBQEBSpEE4ICUId0luHvkQfpkPX+iQdPQQT7ejqioJZuwPr73fZh53977zvu8zOPgvDvLz7dntjZ3frxda3zLRamVpJkcNW5jOVYwcBACbJYVXlZ1VV1c2DzH5JVVVNjwgAGLWh8387ifM/AEy8p8+eP1rt9daeFMVMUn7aW99brx/r7atbeZMym1lMN7+SaqCuHzzsrS0WffP5XO4f5ff31m8M55fSzfz5+aU6XwznpzN3Or+cbm6fn18+N9/Jvc4gP52kmx+vs5MyG39+5pzKf1wqivuPe2fyt/qvAwAAgEmwUAz0+/dOhvv3hYXh7Sf9cZ1fbV36/4Ez/XU7d9rNzh0Arqvd9x+2X5Xl5rsrFDNH73HF+OWK73P1Tka4i/9UHC/p4JmVcazP3xad0yM8U8yOeKjtsU+5laSpBf+apPGP+0oHdb9o4MsIGKuTo7/pkQAAAAAAAAAAAAAAABe5+Hqg49v+/Pt1RU3PEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDr53cAAAD//5v6fNc=")
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r2, 0x0, 0x4ab}, 0x18)
r3 = socket$netlink(0x10, 0x3, 0x0)
writev(r3, &(0x7f00000000c0)=[{&(0x7f0000000000)="3700000013000318680907070000000f0000ff3f13000000170a001700000000040037000d00030001362564aa58b9a6c011f6bbf44dc4", 0x37}], 0x1)
ioctl$HCIINQUIRY(0xffffffffffffffff, 0x400448ca, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
write$tun(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB="000086dd0003110004000000a60c6eec00be004411"], 0xfdef)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000000c0)={@mcast2, 0x17})
getsockname(0xffffffffffffffff, 0x0, &(0x7f0000000180))

5m11.197680738s ago: executing program 0 (id=1214):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000340)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
prctl$PR_SET_NAME(0xf, &(0x7f0000000180)='wg1\x00')
r0 = socket$inet6(0xa, 0x2, 0x0)
prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='\x00')
setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000180)={0x8, {{0xa, 0x4e21, 0xa3f, @mcast1, 0xbfd}}, {{0xa, 0x4e20, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x40}}}, 0x108)
setsockopt$inet6_group_source_req(r0, 0x29, 0x2f, &(0x7f00000002c0)={0x0, {{0xa, 0x4e20, 0x4, @mcast2, 0xa}}, {{0xa, 0x4e21, 0x4e15, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x5}}}, 0x108)
getsockopt$inet6_buf(r0, 0x29, 0x30, &(0x7f0000000180)=""/214, &(0x7f0000000080)=0xd6)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYRESOCT], &(0x7f0000000100)='GPL\x00'}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xe}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000006020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000ecff850000000400000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="07000000040000000001000001"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x8, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1c)
r3 = syz_io_uring_setup(0x14dd, &(0x7f0000000300)={0x0, 0x5121, 0x0, 0x3, 0x258}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000600))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000a80)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r6, 0x0, 0x10007ffffffff}, 0x18)
socket$kcm(0x10, 0x2, 0x0)

5m10.987046148s ago: executing program 0 (id=1216):
syslog(0x2, &(0x7f0000000040)=""/10, 0xa)

5m10.900721126s ago: executing program 0 (id=1217):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
inotify_init1(0x0)
io_uring_enter(0xffffffffffffffff, 0x3518, 0xade1, 0x3, 0x0, 0x39)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syslog(0x2, &(0x7f0000000040)=""/10, 0xa)
r1 = socket(0xa, 0x3, 0x3a)
sendfile(r1, r0, &(0x7f00000003c0), 0xfffffffffffffffe)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = syz_open_dev$loop(&(0x7f0000000240), 0x40, 0x1c0862)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
connect$netlink(r2, &(0x7f00000004c0)=@unspec, 0xc)
r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00', r7}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r8 = socket$tipc(0x1e, 0x2, 0x0)
sendmsg$tipc(r8, 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r10}, 0x10)
writev(r5, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000280)={r4, 0x1000, {0x0, 0x0, 0x0, 0x4, 0x4000000000001001, 0x0, 0x0, 0x1c, 0xc, "faf98317e5a1149989fc8dbe53ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a8a0f3500000000000000000e00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0x6]}})
sendfile(r3, r4, 0x0, 0x200)
bpf$PROG_LOAD(0x5, &(0x7f0000001b00)={0x1e, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000800000000000000050000001520000000c6d5aa1944a6403600defffb6eb49a546d6ff3070000008febf6c1872cc4b9ab5a9b92e3197a6c4c42960c2a3a4884da339668cb7900aa84f73b35534a3a54b0240d0734f7afe4ca3cb509876f9092486b0ee3ade2f694003f098f4cad5bd8e336629ff6b7b91e57a8894d9665163b31578cf9cebc68b2d5e54ffe773002c22d1b0a00"/167], 0x0, 0x100000, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)

5m8.853851176s ago: executing program 0 (id=1227):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
inotify_init1(0x0)
io_uring_enter(0xffffffffffffffff, 0x3518, 0xade1, 0x3, 0x0, 0x39)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = socket(0xa, 0x3, 0x3a)
sendfile(r1, r0, &(0x7f00000003c0), 0xfffffffffffffffe)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000004c0012800e0001006970366772657461700000003800028014000700fe8000000000000000000001000000aa06000f00ff070000060003000100000006000e0011"], 0x6c}}, 0x44850)
r3 = syz_open_dev$loop(&(0x7f0000000240), 0x40, 0x1c0862)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
connect$netlink(r2, &(0x7f00000004c0)=@unspec, 0xc)
r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00', r7}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r8 = socket$tipc(0x1e, 0x2, 0x0)
sendmsg$tipc(r8, 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r10}, 0x10)
writev(r5, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000280)={r4, 0x1000, {0x0, 0x0, 0x0, 0x4, 0x4000000000001001, 0x0, 0x0, 0x1c, 0xc, "faf98317e5a1149989fc8dbe53ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a8a0f3500000000000000000e00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0x6]}})
sendfile(r3, r4, 0x0, 0x200)
bpf$PROG_LOAD(0x5, &(0x7f0000001b00)={0x1e, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000800000000000000050000001520000000c6d5aa1944a6403600defffb6eb49a546d6ff3070000008febf6c1872cc4b9ab5a9b92e3197a6c4c42960c2a3a4884da339668cb7900aa84f73b35534a3a54b0240d0734f7afe4ca3cb509876f9092486b0ee3ade2f694003f098f4cad5bd8e336629ff6b7b91e57a8894d9665163b31578cf9cebc68b2d5e54ffe773002c22d1b0a00"/167], 0x0, 0x100000, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)

5m8.81044922s ago: executing program 32 (id=1227):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
inotify_init1(0x0)
io_uring_enter(0xffffffffffffffff, 0x3518, 0xade1, 0x3, 0x0, 0x39)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = socket(0xa, 0x3, 0x3a)
sendfile(r1, r0, &(0x7f00000003c0), 0xfffffffffffffffe)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000004c0012800e0001006970366772657461700000003800028014000700fe8000000000000000000001000000aa06000f00ff070000060003000100000006000e0011"], 0x6c}}, 0x44850)
r3 = syz_open_dev$loop(&(0x7f0000000240), 0x40, 0x1c0862)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
connect$netlink(r2, &(0x7f00000004c0)=@unspec, 0xc)
r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00', r7}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r8 = socket$tipc(0x1e, 0x2, 0x0)
sendmsg$tipc(r8, 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r10}, 0x10)
writev(r5, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000280)={r4, 0x1000, {0x0, 0x0, 0x0, 0x4, 0x4000000000001001, 0x0, 0x0, 0x1c, 0xc, "faf98317e5a1149989fc8dbe53ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a8a0f3500000000000000000e00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0x6]}})
sendfile(r3, r4, 0x0, 0x200)
bpf$PROG_LOAD(0x5, &(0x7f0000001b00)={0x1e, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000800000000000000050000001520000000c6d5aa1944a6403600defffb6eb49a546d6ff3070000008febf6c1872cc4b9ab5a9b92e3197a6c4c42960c2a3a4884da339668cb7900aa84f73b35534a3a54b0240d0734f7afe4ca3cb509876f9092486b0ee3ade2f694003f098f4cad5bd8e336629ff6b7b91e57a8894d9665163b31578cf9cebc68b2d5e54ffe773002c22d1b0a00"/167], 0x0, 0x100000, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)

4m5.977112148s ago: executing program 2 (id=1744):
syz_genetlink_get_family_id$nl802154(&(0x7f0000000140), 0xffffffffffffffff)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, 0x0, 0x810)

4m5.976917608s ago: executing program 2 (id=1745):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000300)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r4, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x5, 0xd, 0x8f, 0xd, 0x2, 0x4, 0x2, 0xf, 0x6, 0x3, 0x7, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x3, 0x3, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x5, 0xffff, 0xfff5, 0x4, 0x8, 0x1, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffe00, {0x0, 0x0, 0x0, r7, {0x8}, {0xffff}, {0xfff2, 0xffe1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x45, 0x1, {0xe, [0xc, 0x5, 0x0, 0xf, 0x10, 0x2, 0x4, 0x2, 0xf, 0x6, 0x6, 0x1, 0x8, 0x4, 0x10, 0x4], 0x3, [0xb, 0x5, 0x7fff, 0x2002, 0x1, 0x4, 0x2, 0xd06, 0xff05, 0x8000, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0x2, 0x5, 0x2, 0xfff5, 0x4, 0x8, 0x7, 0x9, 0x5, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x1, 0x1]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x0)
r8 = socket$netlink(0x10, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0xfffffffffffffe8f, &(0x7f0000000200)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffe00, {0x0, 0x0, 0x0, r10, {0x4}, {0xffff}, {0xb, 0xffe1}}}, 0x8c}, 0x1, 0x0, 0x0, 0x400dc}, 0x8020)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xf7, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")

4m5.561949556s ago: executing program 2 (id=1749):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0x5, &(0x7f00000003c0)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x2100, 0x0, &(0x7f0000000100), 0x0, 0x1008, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50)

4m5.266787574s ago: executing program 2 (id=1753):
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f00000001c0)='./file0\x00', 0x204818, &(0x7f0000000380)={[{@sbsector={'sbsector', 0x3d, 0xae}}, {@utf8}, {@cruft}, {@session={'session', 0x3d, 0x62}}, {@sbsector}, {@gid}, {@session={'session', 0x3d, 0x54}}, {}]}, 0x1, 0x54e, &(0x7f00000008c0)="$eJzs3V1v01gawPHHfYEoK1WrZYVQVeBQdqUileAkEBSxN17nJD2Q2JHtoPYKVTRFFSmsKCtte8Nyw8xIMx+CuZwPMd8IzUeYke2kLzSJgb5O9f9FcE7sY5/npJYfuY2PBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAiOXWbLtoSdN4nWU1mlsL/Nbe2/7WhxbInQPFmH5FrPif5HJyLV107e97q6/G/83LXPpuTnJxkZOdv1z966MrUxOD7ccE/FV+/sY9bW3vvFzt9bpvjiuQc+j65dHrGtozoW9aTkMrE/qqWqnY95bqoaqbpg5Xwki3lBtoJ/IDteDeUcVqtax0YcXveI2a09SDhQ/vlmy7oh4X2toJQt+797gQukum2TReI2kTr47bPIwPxCcmUpF2Wkqtb/S65awBxI2KX9KolNWoZJdKxWKpVKw8qD54aNtThxbYn5FDLY7voMWf0zGevYGjmejnf2mKEU86sixq6MuVmgTiS2vE+r5B/v/nPT223/35f5Dlr+2tnpUk/99I390Ylf9HxHJ6ry3Zlh15KavSk5505c0J9jVz5qM9/GqIFk+MhOKLkZY4yRLVX6KkKhWpiC3PZEnqEoqSuhhpipZQViSUSHRyRLkSiBZHIvElECUL4sodUVKUqlSlLEq0FGRFfOmIJw2piZPsZV02ks+9LMoaFeNuo+LIYeQHx11XSmNGS/7H0R3r+Rs4it8H+R8AAAAAAFxYVvLb9/j6f1quJ7W6aWr7rMMCAAAAAADHKPnL/1xcTMe162Jx/Q8AAAAAwEVjJffYWSKSl5tpbV2s5HYpfgkAAAAAAMAFkfz9/0ZcJHOg3BRrd7oUrv8BAAAAALggvs+cYz9sX7Z+/U2CYNp6317+h7WZzM3rbE6m201+vseoPmvN9HeSFJW0mJpy9ZyVSxvtToL5qV+sZ8Vh7QXg7Abw/68J4MqU/Ci30ja31tJybbAm7SVfN01dcP3mo6I4zsxEpJej/77a+J8kw//Ba81YOdnodQvPX/fWkljex3t5v9mfQPHQPIpjYnmbzLeQ3HMxdMTTyY0Y/X7zlqxv9Lr2/vFPpJtPHOzx3cyYPj/IfNpqvj/jbf7g+HNxn8XCqNH3oygeceQf5Hba5vbC7bQYEkUpK4rS/iiGfxZHj6KcFUX5iFEAwFlZz8hClhzKu99wlvu27C5fmd0/yELaZmE2ObFOzQ45o9tZZ3R7fHabzIril0PPQBqVY+N+f/osq36MN/g4MquGzZIVf4STbzf/I1e3tnfubmyuvui+6L4qlcoV+75tPyjJdDKMfkHuAQAMsf8ZO9bQ/J/5FB7rfsZV9d92v1JQkOfyWnqyJovJ3QbJNw6G7jW/72sIixlXrfkkTaZPeFkcc1V3KbnLYbDf0ti2B2Mon8JPAgCA0zOfkYe/JP8vZlx3H8zl46+O8/ue1gYAAE6GDj5Z+eg7KwhM+1mxWi060ZJWge8+UYGpNbQyXqQDd8nxGlq1Az/yXb8ZV56amg5V2Gm3/SBSdT9QbT80y8n0gar/6PdQtxwvMm7Ybmon1Mr1vchxI1UzofuvduffTRMu6SDZOGxr19SN60TG91TodwJXF5QKtVZ7DU1Ne5Gpm7jqqXZgWk6QU0/9ZqelVU2HbmDakZ/ucNCX8ep+0Ep2e+msP2wAAM6Jre2dl6u9XvfNCVaGdpw79aECAIC+jCwNAAAAAAAAAAAAAAAAAAAAAADOgdO4/4/KBa8MpoI+L/FQOYZK5qnj3YmfnACcqD8CAAD//x6LT3Q=")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)

4m5.033161615s ago: executing program 2 (id=1757):
unshare(0x6a040000)
socket(0x10, 0x80002, 0x0)
r0 = socket(0x10, 0x2, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000280)=ANY=[@ANYBLOB="540000002000010000000000000000000200200003000000000000001400110076657468305f6d616376746170000000080002"], 0x54}}, 0x0)

4m4.560527849s ago: executing program 2 (id=1772):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x10000}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0xb, 0x9}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r8, {0xc, 0xc}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)

4m4.513167893s ago: executing program 33 (id=1772):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x10000}}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {0xb, 0x9}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x18, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000940)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r5, {0xf000, 0xffff}, {}, {0x7, 0xa}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r6, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r8, {0xc, 0xc}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)

3m13.324734379s ago: executing program 6 (id=2484):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
inotify_init1(0x0)
io_uring_enter(0xffffffffffffffff, 0x3518, 0xade1, 0x3, 0x0, 0x39)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syslog(0x2, &(0x7f0000000040)=""/10, 0xa)
r1 = socket(0xa, 0x3, 0x3a)
sendfile(r1, r0, &(0x7f00000003c0), 0xfffffffffffffffe)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000004c0012800e0001006970366772657461700000003800028014000700fe8000000000000000000001000000aa06000f00ff070000060003000100000006000e"], 0x6c}}, 0x44850)
r3 = syz_open_dev$loop(&(0x7f0000000240), 0x40, 0x1c0862)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
connect$netlink(r2, &(0x7f00000004c0)=@unspec, 0xc)
r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000002040)=ANY=[@ANYBLOB="1e0000000000000005000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00', r7}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
r8 = socket$tipc(0x1e, 0x2, 0x0)
sendmsg$tipc(r8, 0x0, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r10}, 0x10)
writev(r5, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f0000000280)={r4, 0x1000, {0x0, 0x0, 0x0, 0x4, 0x4000000000001001, 0x0, 0x0, 0x1c, 0xc, "faf98317e5a1149989fc8dbe53ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a8a0f3500000000000000000e00", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0x6]}})
sendfile(r3, r4, 0x0, 0x200)
bpf$PROG_LOAD(0x5, &(0x7f0000001b00)={0x1e, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="180000000800000000000000050000001520000000c6d5aa1944a6403600defffb6eb49a546d6ff3070000008febf6c1872cc4b9ab5a9b92e3197a6c4c42960c2a3a4884da339668cb7900aa84f73b35534a3a54b0240d0734f7afe4ca3cb509876f9092486b0ee3ade2f694003f098f4cad5bd8e336629ff6b7b91e57a8894d9665163b31578cf9cebc68b2d5e54ffe773002c22d1b0a00"/167], 0x0, 0x100000, 0x0, 0x0, 0x41002, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)

3m12.384765577s ago: executing program 6 (id=2497):
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {0x0, 0x1}, {0xffff, 0xffff}, {0xffff, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40004}, 0x4000)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
sendmsg$nl_route_sched(r5, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20000800)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=@newtfilter={0x24, 0x2c, 0xd27, 0x70bd28, 0xfffff000, {0x0, 0x0, 0x0, r8, {0xf000, 0xffff}, {}, {0x7, 0xa}}}, 0x24}, 0x1, 0xa0000000, 0x0, 0x80}, 0x20008800)

3m11.882170963s ago: executing program 6 (id=2499):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0x8, 0xe}, 0x48)
r0 = syz_io_uring_setup(0x14dd, &(0x7f0000000300)={0x0, 0x5121, 0x0, 0x3, 0x258}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_SYMLINKAT={0x26, 0x4, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000140)='./file1\x00'})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000040)='kmem_cache_free\x00', r3, 0x0, 0x10007ffffffff}, 0x18)
socket$kcm(0x10, 0x2, 0x0)

3m11.493882189s ago: executing program 6 (id=2503):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000300)='kfree\x00', r0}, 0x18)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, 0x0, &(0x7f0000000740), 0x1}, 0x38)
socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0)
getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000200), &(0x7f0000000340)=0x30)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=@newtaction={0x64, 0x30, 0xb, 0x0, 0x25dfdbfb, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_MARK={0x8, 0x10, 0xd62}, @TCA_CT_PARMS={0x18, 0x1, {0x0, 0x20, 0x3}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)

3m10.367029544s ago: executing program 6 (id=2516):
pipe(&(0x7f0000000140))
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/ip_mr_cache\x00')
fchdir(r1)
r2 = inotify_init()
inotify_add_watch(r2, &(0x7f0000000000)='./file0\x00', 0x1)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x32, 0xffffffffffffffff, 0x0)
vmsplice(r0, 0x0, 0x0, 0x0)

3m9.86720046s ago: executing program 6 (id=2517):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1b32, 0x4)
sendmmsg$inet(r0, &(0x7f0000006240)=[{{&(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10, &(0x7f0000000680)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)}], 0x4}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)="0259fb", 0x3}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x3, 0x10)

3m9.86705344s ago: executing program 34 (id=2517):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x1b32, 0x4)
sendmmsg$inet(r0, &(0x7f0000006240)=[{{&(0x7f0000000140)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x37}}, 0x10, &(0x7f0000000680)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000300)}], 0x4}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000d00)="0259fb", 0x3}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x3, 0x10)

4.464753487s ago: executing program 3 (id=3636):
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x16ba82, 0x10)
write$cgroup_int(r5, &(0x7f0000000180)=0xfe5f, 0x12)

4.301445102s ago: executing program 7 (id=3639):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}], {0x14}}, 0x74}}, 0x0)

4.052745454s ago: executing program 1 (id=3640):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=@bridge_setlink={0x44, 0x13, 0xa29, 0x0, 0x0, {}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4, 0x5, 0x0, 0x0, [{0x8, 0x0, 0x0, 0x0, 0x123e}, {0x8, 0x5}, {0x8}]}}]}]}, 0x44}}, 0x0)

3.907487438s ago: executing program 1 (id=3642):
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000500000002"], 0x48)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa200000000000007020000d5ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000c00)=@bpf_tracing={0x1a, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4}, [@call]}, &(0x7f0000000a00)='syzkaller\x00', 0x5, 0x0, 0x0, 0x41100, 0x2, '\x00', 0x0, 0x1c, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x13b02, r1, 0x0, 0x0, 0x0, 0x10, 0xd}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)={0x20, 0x3, 0x1, 0x101, 0x0, 0x0, {0xa}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0xe7a06077b9aabc62}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4000004}, 0x20044080)
socket$inet6_sctp(0xa, 0x1, 0x84)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000002c0)={0x2, &(0x7f0000000000)=[{0x14}, {0x2d}]})
setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x39, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x14, 0x0)
socket$kcm(0xa, 0x2, 0x0)
socket(0x2, 0x2, 0x6)
r3 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @rand_addr=0x640100ff, 0x4e20, 0x3, 'lblcr\x00', 0x1, 0xa7e, 0x70}, 0x2c)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r4 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
socket$kcm(0x2, 0xa, 0x73)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2673004c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
socket$kcm(0x11, 0x200000000000002, 0x300)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000080)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x0)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r6, 0x400448e2, &(0x7f0000000040))

3.585323938s ago: executing program 3 (id=3644):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
close(0x3)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r1, 0x84, 0x81, &(0x7f0000000280), 0x0)
setsockopt(r1, 0x84, 0x80, &(0x7f0000000000)="1400000009000000", 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @ipv4={'\x00', '\xff\xff', @empty}}], 0x1c)
sendmsg$inet(r1, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x4e23, @loopback}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000380)='Y', 0x1}], 0x1}, 0x1)
setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r1, 0x84, 0x5, &(0x7f0000000100)={0x0, @in={{0x2, 0x4e23, @empty}}}, 0x84)

3.574766869s ago: executing program 7 (id=3645):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0)
setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r2 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="000086dd0003110004000000a60c6eec00be004411"], 0xfdef)

3.525198283s ago: executing program 3 (id=3646):
syz_io_uring_setup(0x5c6, 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80800)
vmsplice(r1, &(0x7f0000000040)=[{&(0x7f0000000000)="e3", 0x1}], 0x1, 0x1)
fcntl$setpipe(r0, 0x407, 0x176)
vmsplice(r1, &(0x7f0000000180)=[{&(0x7f00000000c0)='{', 0x1}, {&(0x7f00000006c0)}], 0x2, 0xd)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@noload}, {}, {@sysvgroups}, {@norecovery}, {@errors_remount}, {@oldalloc}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")

3.444963851s ago: executing program 5 (id=3648):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r1, &(0x7f0000000100)=""/24, 0xfffffffffffffd5b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r2, 0x0, 0x8}, 0x18)

3.444707471s ago: executing program 5 (id=3649):
syz_usb_connect$uac1(0x5, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$FOU_CMD_ADD(r0, 0x0, 0x90)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c00"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0xffffffff, 0xda, 0x3, 0x0, 0x2a, 0x100, 0x73d, 0x3509, 0x3, 0x10000, 0x7, 0x1000, 0x9, 0x3, 0x3, 0x882e, 0x8, 0x8, 0x2, 0x800009, 0xfffffffb, 0x2, 0x6, 0x80000000, 0x400, 0x9, 0xffff, 0x7a, 0x5, 0x7, 0x444, 0xffffff40, 0x9, 0x6, 0x8, 0x2, 0x57, 0x10, 0x4, 0x7fff, 0x9, 0xfffffffb, 0x2, 0xcf9f, 0x0, 0x1, 0x8, 0x1, 0x5, 0xfffffff9, 0xf8c800, 0x80000001, 0x6, 0x4, 0x9, 0x8, 0xfffffffd, 0x15, 0x7, 0xc, 0x8, 0x4, 0x3, 0xfffffe00, 0x7, 0x3, 0x800, 0x1, 0x4, 0x2, 0x4, 0x1, 0x801e, 0x7, 0x4, 0x0, 0x8, 0x5, 0x8001, 0x5, 0x1, 0x1000, 0x9, 0x3, 0x7ff, 0xd0, 0x8, 0x0, 0x3, 0x1, 0x9, 0xe, 0x1, 0xfffffff8, 0x7, 0x0, 0xb1, 0x3, 0xffffff44, 0x1, 0x8, 0xf, 0x6, 0x556, 0x1, 0x2c, 0x5, 0x80000001, 0x1, 0x0, 0xffffff00, 0x3, 0xffffffff, 0x7, 0x9, 0x1c00, 0x5, 0xa2, 0x3, 0x8, 0x0, 0x5, 0x8001, 0xbfffffff, 0x7, 0x80, 0x7, 0x0, 0x743, 0x5, 0x3, 0x7, 0x200, 0x5, 0x0, 0x8, 0x3, 0x100, 0x2, 0x8, 0x1, 0x1, 0x8, 0xe, 0x5, 0x6, 0x4, 0x7ff, 0x5, 0xfffffffe, 0x7, 0xf80, 0x7, 0x5a, 0x2302, 0xffff, 0x3ff, 0x2, 0x5, 0x1, 0x6, 0x3, 0x401, 0x10401, 0x512d, 0x1, 0xe, 0x2, 0xa3c0, 0x4, 0x8000, 0x10001, 0x15a, 0x6, 0x120000, 0x9, 0x7fffffff, 0x7, 0x9, 0x80000004, 0x5, 0x7e9, 0x48, 0x9, 0x3, 0x0, 0x5, 0x6, 0xf, 0xff, 0xd, 0x6, 0x9, 0x0, 0x200, 0x9, 0xff, 0x4, 0x7, 0x7, 0x8, 0x4, 0x56, 0x4a82, 0xffff0000, 0x7ff, 0x3e1, 0x6, 0x80000000, 0x4c0, 0x5, 0xa, 0x6, 0x2, 0x6, 0x8, 0x48, 0x1a, 0x2000000, 0x1ff, 0x844, 0x6, 0x3ff, 0x2, 0x100, 0x6, 0xffffffff, 0x200, 0xc26, 0x4, 0x5, 0x1, 0x7fff, 0xf, 0x401, 0x401, 0x4, 0x7, 0x3565, 0x2, 0x4, 0xebf, 0x9, 0x1000, 0x1, 0x71f, 0x2, 0x7, 0x6e8, 0x8, 0x0, 0x80000000, 0x6, 0x9, 0x2]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x800)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x38, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800c0001006d616376", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r6, @ANYBLOB="38c60400fe0000000000d7032ebe7ba9f2726c64513105d8cb5033fd65b736e274b6bd020087966e5da26c3959efeccf61000000"], 0x4c}}, 0x0)

3.433525182s ago: executing program 7 (id=3650):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
inotify_init1(0x0)
io_uring_enter(0xffffffffffffffff, 0x3518, 0xade1, 0x3, 0x0, 0x39)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
syslog(0x2, &(0x7f0000000040)=""/10, 0xa)
r1 = socket(0xa, 0x3, 0x3a)
sendfile(r1, r0, &(0x7f00000003c0), 0xfffffffffffffffe)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="6c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000004c0012800e0001006970366772657461700000003800028014000700fe8000000000000000000001000000aa06000f00ff070000060003000100000006000e0011"], 0x6c}}, 0x44850)
syz_open_dev$loop(&(0x7f0000000240), 0x40, 0x1c0862)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_freeze_timeout', 0x82802, 0xf)
connect$netlink(r2, &(0x7f00000004c0)=@unspec, 0xc)
r3 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005700000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x51}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00', r4}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000021007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
writev(r3, &(0x7f00000025c0)=[{&(0x7f0000000240)='4', 0x1}], 0x1)

3.230831671s ago: executing program 4 (id=3652):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv', 0x2)
sendmmsg$inet(r0, &(0x7f0000002980)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000640)="985e44", 0x3}], 0x1}}], 0x1, 0x54004)
sendto$inet(r0, &(0x7f0000000580)="17", 0x7fbc, 0x10008034, 0x0, 0x0)

3.117624521s ago: executing program 4 (id=3653):
r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000400), 0x101201, 0x0)
ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000600)=0x14)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
prctl$PR_SET_NAME(0xf, &(0x7f0000000480)='gtp\x00')
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000015c0)='kmem_cache_free\x00'}, 0x10)
ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, 0x0)
r1 = syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2000000, &(0x7f0000000380)={[{@grpquota}, {@init_itable_val={'init_itable', 0x3d, 0x1007}}, {@dioread_nolock}, {@bsdgroups}]}, 0x53, 0x4f3, &(0x7f00000012c0)="$eJzs3F1oXFUeAPD/nXz2a5vd7Xa33e5uut1lwxaTNq02D4JUFHxQECuojyFJS23aSJOCLVWmIPVRCr6Lj7764Kv6UsQnwdf6KEihSF/aCuLInbl3vjKTNJNkxpjfD27mnHtn7jnnnnvunHtO5gawbY2mf5JK+E5E7I2IQvMbRisvD+9fn3l0//pMFEulMz8m5Y89SOOZbDexK4uMFSIK7yW1DXUWr167MD0/P3c5i08sXXxrYvHqtSfOD2drpqaS/g4L1SK9tFwPDr67cOjAC2/cemmmuuc8tfpybJTRGG2VlbL/bnRiPbanLtxxvdF16fmfVtdAuf3vjb5YqfKKXcwZsNlKpVJpqP3mYqnZjWVrgC0rhnudA6A38i/69P43X1p1BAY3p/vRc/dOV26A0nI/zJaIf5VX5uMgA033txtpNCJeL/70UbrEJo1DAADU++J03hNs6v+NVGZGfr5y+5n09Q/ZHMpIRPwxIv4UEX+OiH0R8ZeI2B8Rf42IvzXtvy8iSiukP9oUr6ZfnYQq3N2goraU9v+ezua20qU291UNjfRlsT0ReYd57lh2TMZiYOjs+fm54yuk8eVz337Qblt9/y9d0jzkfcEsH3f7mwboZqeXpjsr7XL3bkQc7K+Vv9L/TfojkupMQBIRByLi4Br2O1IXPv//Tw5VIwON71u9/GWllvNoGzDPVPo44n+V+i9GtfzRMImYNMxPXpw+N3du7tLk1NTJE8dPPTX55MRwzM8dm0jPgmMt0/j6m5svt0t/1fJ/9n3zR54/9fmZrGWtX1r/O+vO/8jnb2vlH0kikup87eLa07j53ftt72k6Pf8Hk1fL4fy+9O3ppaXLxyMGkxeXr5+sfTaPp69RrJR/7Ejz+V9Ot3yNy4/E3yMiPYn/ERH/jModYpr3wxHx74g4skL5v3r2P292Xv7NlZZ/NhrLX6n5hvqvzde3CyTZ3GDDpsFIA30XDt951Obi8Xj1f7IcGsvWtL7+JQ2XiHY5zb/t0jW/rPvoAQAAwNZQiIjddWNJu6NQGB+vjAHti52F+YXFpaNnF65cmk23RYzEQCEf6aqMBw8k+fjnSF18sil+Ihs3/rBvRzk+PrMwP9vTkgO7ym0+KYxHvNZX1/5TP2zMEDPwW+b3WrB9rdT+0078/ltdzAzQVY///X/7nU3NCNB1de2/3S/8ix383xewBbj/B2pWf9CPawZsfSVtGba1NbX/ox4CCL8n/fFKNVzoaU6AbtP/h21p1d/1rytQGmq9aTiWvzmGV95hX3SWjR0t0upJIO1Z9ST1HZ18Kn+aQtv3RGFtOxyKxjWDHdbp2XUejeLlxXP7ayd//myRdR7nUva/8htdg592pZ22CnT9UgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALApfg0AAP//XhrXwA==")
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x104, &(0x7f0000000040)=0x7, 0x0, 0x4)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000001c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r3, @ANYRES32=r1], 0x4c}}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="4c000000020603000000000000000000000000001400078008001240000000000500150002000000050001000600000005000500020000000500040000000000090002"], 0x4c}}, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x100002, 0x3, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x4e0, 0x0, 0x0, 0x0)
r4 = gettid()
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0x7ffff000}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)

2.733866847s ago: executing program 4 (id=3654):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000060000850000001b000000b7"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000240)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000900)=@delchain={0x30, 0x2e, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xffff}, {0x0, 0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0)
syz_emit_ethernet(0x3a, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r6, 0x1, 0xf, 0x0, 0x0)
close(0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r7)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20044894}, 0x20008810)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
exit(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaafad1ee48716e08004500000200000000000000d0000000000000000000004e2000089078b0d29c71bf756f00000080000000003f895228bbc66f0cee3070d535319605f927da69ff76dd6edb76ed08e5b62caaaa36e0058c2ea84d4af4ca6eb140b54bfe07ad8baf85f05e11226d3180bcda29a13913ec00c52ed0b099d10f39bda4e4729b069c0119a1b17ac45a06333267f9afb49d855e58076e90aa132faa9cf06865f8a0ef5fcac9a96be2bf43af4ccbb65de2b4de1f8b6b93020db4570b493d33dc893b9576a7d1a1d63105dba56068f74fec7772ebb5a869"], 0x0)

2.200715686s ago: executing program 5 (id=3655):
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x16ba82, 0x10)
write$cgroup_int(r5, &(0x7f0000000180)=0xfe5f, 0x12)

2.187202377s ago: executing program 3 (id=3656):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}}], {0x14}}, 0x88}}, 0x0)

2.001150904s ago: executing program 7 (id=3657):
dup(0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
pipe2(&(0x7f0000000040)={<r0=>0xffffffffffffffff}, 0x80000)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
utime(0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, &(0x7f00000006c0), &(0x7f0000000700)=r2}, 0x20)
close(0x3)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x4e24, 0xfffffffe, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
close_range(r0, 0xffffffffffffffff, 0x0)

1.946521829s ago: executing program 3 (id=3658):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18)
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x100, 0x6}, 0x4)
setsockopt$packet_fanout_data(r2, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x6}]}, 0x10)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r3, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000240)='kfree\x00', r4, 0x0, 0x4ab}, 0x18)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c00020100000009040000"], 0x0)

1.761315366s ago: executing program 4 (id=3659):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r1, &(0x7f0000000100)=""/24, 0xfffffffffffffd5b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r2, 0x0, 0x8}, 0x18)

1.677577555s ago: executing program 4 (id=3660):
r0 = socket$inet(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', <r1=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x11, 0x80a, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x42, &(0x7f00000003c0)={@remote, @link_local, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x1, @random="c7efb10d4ca8", @private1={0xfc, 0x1, '\x00', 0x1}, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}}}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x1, 0x803, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001400)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r4}]}, 0x44}}, 0x0)

1.535930137s ago: executing program 7 (id=3661):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001380)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000081811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x41, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x1, 0x0, 0x7ffc0005}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, 0x0, &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r3}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a14000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x20044090}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETOBJ(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000340)='kmem_cache_free\x00', r2, 0x0, 0xffffffffffffffff}, 0x18)
fspick(0xffffffffffffffff, &(0x7f0000000000)='.\x00', 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x2, 0x0, 0x7fff0000}]})
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1, 0x0, 0xfffffffffffffffd}, 0x18)
perf_event_open(&(0x7f0000000440)={0x2, 0x80, 0x27, 0x1, 0x9, 0x0, 0x0, 0x7, 0x18614, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x94, 0x0, @perf_bp={&(0x7f0000000380), 0x4}, 0x2004, 0x10000, 0x0, 0x7, 0xc, 0x20005, 0xfff, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0x3, 0xffffffffffffffff, 0x1)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r9, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x4)
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newtfilter={0x5c, 0x2c, 0xd3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0xb, 0xfff3}, {}, {0x8, 0x300}}, [@filter_kind_options=@f_basic={{0xa}, {0x2c, 0x2, [@TCA_BASIC_EMATCHES={0x28, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffd}}, @TCA_EMATCH_TREE_LIST={0x1c, 0x2, 0x0, 0x1, [@TCF_EM_META={0x18, 0x1, 0x0, 0x0, {{0x7, 0x4, 0x6}, [@TCA_EM_META_HDR={0xc, 0x1, {{0x5, 0xe, 0x2}, {0x800, 0x40}}}]}}]}]}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x0)

1.533647208s ago: executing program 1 (id=3662):
r0 = mq_open(&(0x7f00000000c0)='!\x00', 0x800, 0x34, &(0x7f0000000100)={0xfffffffffffffe25, 0x3, 0x4, 0x1})
preadv2(r0, &(0x7f0000000600)=[{&(0x7f0000000200)=""/187, 0xbb}, {&(0x7f00000002c0)=""/239, 0xef}, {&(0x7f00000003c0)=""/78, 0x4e}, {&(0x7f0000000440)=""/161, 0xa1}, {&(0x7f0000000500)=""/209, 0xd1}], 0x5, 0xfff, 0x2, 0x2)
socket$can_bcm(0x1d, 0x2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x23, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r5, 0x4b45, 0x3)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x4, @multicast2}, 0x10)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast2, @in6=@private2, 0x0, 0x0, 0x4e21, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x100000000000}, {}, 0x0, 0x0, 0x1, 0x0, 0x3}, {{@in6=@mcast2, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7, 0xfffffffe}}, 0xe8)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x4, 0x40, 0x40, 0x41}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000180), 0x1003, r8}, 0x38)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r8, 0x0, &(0x7f0000000540)=""/210}, 0x20)

1.50905922s ago: executing program 4 (id=3663):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000000c0)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x9)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x77)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000181100"/20, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x75, 0x0, 0x0, 0x0, 0x2}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb70300000800"], 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
syz_clone(0x41aa1000, 0x0, 0x0, 0x0, 0x0, 0x0)
request_key(&(0x7f0000000340)='user\x00', &(0x7f0000000380)={'syz', 0x3}, &(0x7f00000003c0)=')\x00', 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x18)
r6 = socket$kcm(0x2, 0x1000000000000002, 0x0)
sendmsg$inet(r6, &(0x7f0000000b40)={&(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000180)=[@ip_pktinfo={{0x1c, 0x0, 0x7, {0x0, @dev, @loopback}}}], 0x20}, 0x0)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x810000, &(0x7f0000000080)={[{@usrquota}, {@noblock_validity}, {@bh}, {@max_batch_time={'max_batch_time', 0x3d, 0x8c9}}, {@debug}, {@inlinecrypt}]}, 0x6, 0x5fc, &(0x7f0000000c00)="$eJzs3c9rHGUfAPDvzCZ5kzavaUXEFsWAhxakaVKLVS+29WAPBQv2IOKhoUlq6PYHTQq2FkzBg4KCiFeRXvwHvEvv3kRQb56FKlJRUOnK7M62m2Q3XdPsTpr5fGCzz/PM7D7PdydP5pmZPDsBlNZ49iON2BVx51QSMdaybDQaC8fz9W7/du109kiiVnv91ySSvKy5fpI/b88zwxHx7dGIRyur6124cvXsdLXW8F7E/sVzF/cvXLm6b/7c9JnZM7Pnpw68cPDQ5ItTB6c2JM7t+fOx4689+fH7bz8/9111XxKH4+TguzOxIo6NMh7jcScPsbV8ICIOZYk2n8vDZguEUGqV/PdxMCIej7Go1HMNYzH/UaGNA3qqVomoASWV6P9QUs1xQPPYvrvj4JM9HpX0z60jjQOg1fEPNM6NxHD92Gjb7aTlyKhxbmPHBtSf1fHPtd2fZ49Ydh7iz7tbZ2AD6ulk6XpEPNEu/qTeth31SLP402XtSCJiMiKG8va98gBtSFrSvTgPs5b1xp9GxOH8OSs/us76x1fk+x0/AOV080i+I1/Kcvf2f9nYozn+iTbjn9E2+671KHr/13n819zfD9fPkacrxmHZmOVE+7ccXFnw04fHPu1Uf+v4L3tk9TfHgv1w63rE7hXxf5AFm49/sviTNts/W+XU4e7qePX7X451WlZ0/LUbEXvaHv/cG5VmqTWuT+6fm6/OTjZ+tq3j62/e+rJT/UXHn23/bR3ib9n+6crXZZ/JxS7r+OrEjXOdlo3eN/7056Gkcbw5lJe8M724eGkqYig5nq/SUn5g7bY012m+Rxb/3mfa9/9lv//Xl7/PSPNPZhcuvnH2dqdl69n+LReT79S6bEMnWfwz99/+q/p/VvZJl3X88eblpzotWyv+kQcJDAAAAAAAAEoorV+DTdKJu+k0nZhozJd9LLal1QsLi8/OXbh8fiZib/3/IQfT5pXusUY+yfJT+f/DNvMHVuSfi4idEfFZZaSenzh9oTpTdPAAAAAAAAAAAAAAAAAAAACwSWzP5/8371P9e6Ux/x8oiV7eYA7Y3PR/KK96/191iyegDOz/obz0fygv/R/KS/+H8tL/obz0fygv/R/KS/8HAAAAgC1p59M3f0wiYumlkfojM5QvMyMItrbBohsAFKZSdAOAwty99G+wD6XT1fj/r/zLAXvfHKAASbvC+uCgtnbnv9n2lQAAAAAAAAAAAABAD+zZ1Xn+v7nBsLWZ9gfl9QDz/311ADzkfPU/lJdjfOB+s/iHOy0w/x8AAAAAAAAAAAAA+ma0/kjSiXwu8Gik6cRExP8jYkcMJnPz1dnJiHgkIn6oDP4vy08V3WgAAAAAAAAAAAAAAAAAAADYYhauXD07Xa3OXmpN/L2qZGsnmndB7UNdL8d/fFUk/f9YRiKi8I3Ss8RAS0kSsZRt+U3RsEsLsTmaUU8U/IcJAAAAAAAAAAAAAAAAAABKqGXucXu7v+hziwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg/+7d/793iaJjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTv8GAAD//7V5QCw=")

1.236949735s ago: executing program 5 (id=3664):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r0, &(0x7f0000000440), 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000001c0)=0x14)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x4, &(0x7f0000000980)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='kfree\x00', r1, 0x0, 0x401}, 0x11)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r2}, 0x18)
r3 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
write$binfmt_script(r3, &(0x7f0000000340)={'#! ', './file0'}, 0xb)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace', 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x40, 0x0)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xac, 0xac, 0x5, [@type_tag={0x3, 0x0, 0x0, 0x12, 0x2}, @union={0x10, 0x3, 0x0, 0x5, 0x0, 0x40, [{0x3, 0x4, 0x98}, {0x9, 0x2, 0xfff}, {0xe, 0x2}]}, @int={0x4, 0x0, 0x0, 0x1, 0x0, 0x44, 0x0, 0x45, 0x1}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x2, 0x3, 0x5}}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x4, 0x3, 0x2}}, @func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x2, 0x4}]}, @enum={0xe, 0x2, 0x0, 0x6, 0x4, [{0xe, 0xfffff801}, {0x5, 0x9}]}]}, {0x0, [0x6f, 0x5f, 0x5f]}}, &(0x7f0000000300)=""/160, 0xc9, 0xa0, 0x1, 0x40, 0x10000}, 0x28)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000004c0)=@generic={&(0x7f0000000480)='./file1\x00', 0x0, 0x10}, 0x18)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000740)='./file1/file0\x00', &(0x7f0000000780)={0x40, 0xb1, 0x2}, 0x18)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x1800018, &(0x7f00000000c0)={[{@errors_remount}, {@nodioread_nolock}]}, 0x1, 0x512, &(0x7f0000000ec0)="$eJzs3d9rY1kdAPDvvW1mOzNdk1WRdcF1cVc6i07Sbt3dIqLriz4tqOv7WNu0lCZNadJ1Whbt4H8ggoJPPvki+AcIwzz4B8jAgL6ID6KiiM7og6DOlSQ3TidN2rrTNp3m84HTnHPvzf2ec0NO7o/TewMYWy9FxFsRMRERr0ZEMZ+e5in2uqm93IP77y21UxJZ9s5fk0jyab11tdcxGRFX87dNRcTXvhzxzeRg3ObO7vpirVbdysuVVn2z0tzZvb5WX1ytrlY35ufn3lh4c+H1hdks90TtLPUyP/nS529/+lu/u/Hna99uV+tzH4lC9LXjJHWbXuhsi572Nto6jWAj0PvMC6OuCAAAx9Lex/9gRHyis/9fjInO3lyfiVHUDAAAADgp2Rem499JRAYAAABcWGlETEeSlvOxANORppfycwMfjitprdFsfWqlsb2x3J4XUYpCurJWq87mY4VLUUja5bl8jG2v/FpfeT4inouI7xcvd8rlpUZtecTnPgAAAGBcXO07/v9HMe3kjzbg/wQAAACA86s0tAAAAABcFA75AQAA4OLrP/6/PaJ6AAAAAKfiK2+/3U5Z7/nXy+/ubK833r2+XG2ul+vbS+WlxtZmebXRWO3cs69+1PpqjcbmZ2Jj+2alVW22Ks2d3Rv1xvZG68baY4/ABgAAAM7Qcx+/8+skIvY+e7mTIr8PIMBj/jDqCgAnaWLUFQBGxl28YXwVRl0BYOSSI+YbvAMAAE+/mY8evP7fe/6/cwNwsRnrAwDjx/V/GF8FIwBhrKUR8YFu9plhywy9/v/L40bJsoi7xf1TnF8EAICzNd1JSVrOjwOmI03L5YhnI9JSFJKVtVp1Nj8++FWx8Ey7PNd5Z3LkmGEAAAAAAAAAAAAAAAAAAAAAAAAAoCvLksgAAACACy0i/VPSuZt/xEzxlen+8wOXkn8W44954Ufv/ODmYqu1Ndee/rfOs7wuRUTrh/n014Y+PgwAAAA4acne0Fnd4/T8de5MawUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAGHhw/72lXjrLuH/5YkSUBsWfjKnO61QUIuLK35OY3Pe+JCImTiD+3q2IeH5Q/CQeZllWymvRHz+NiMunHL/U2TTD4189gfgwzu60+5+3Bn3/0nip8zr4+zeZpyc1vP9L88jPd/q5Qf3fswfWVh8Y44V7P6sMjX8r4oXJwf1Pr/9NhsR/+cDa/pVl2cEY3/j67u6w+NmPI2YG/v4kj8WqtOqblebO7vW1+uJqdbW6MT8/98bCmwuvL8xWVtZq1fzvwBjf+9jPHx7W/isD4v/2N93+97D2vzJspX3+c+/m/Q91s4VB8a+9PPD3dyqGxE/z375P5vn2/Jlefq+b3+/Fn9598bD2Lw/Z/kd9/teO2f5Xv/rd3x9zUQDgDDR3dtcXa7Xq1iGZqWMs8zRmfjF1Lqrxf2ay73Q/ufNSn/ebae+tPprSa9U5qNi+THZmsSbinDT5f5mRdksAAMApeLTTP+qaAAAAAAAAAAAAAAAAAAAAwPg6i9uJ9cfcG01TAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO9d8AAAD//yLg4A8=")

642.97324ms ago: executing program 3 (id=3665):
syz_usb_connect$uac1(0x5, 0x0, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$FOU_CMD_ADD(r0, 0x0, 0x90)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c00"], 0x3c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0xffffffff, 0xda, 0x3, 0x0, 0x2a, 0x100, 0x73d, 0x3509, 0x3, 0x10000, 0x7, 0x1000, 0x9, 0x3, 0x3, 0x882e, 0x8, 0x8, 0x2, 0x800009, 0xfffffffb, 0x2, 0x6, 0x80000000, 0x400, 0x9, 0xffff, 0x7a, 0x5, 0x7, 0x444, 0xffffff40, 0x9, 0x6, 0x8, 0x2, 0x57, 0x10, 0x4, 0x7fff, 0x9, 0xfffffffb, 0x2, 0xcf9f, 0x0, 0x1, 0x8, 0x1, 0x5, 0xfffffff9, 0xf8c800, 0x80000001, 0x6, 0x4, 0x9, 0x8, 0xfffffffd, 0x15, 0x7, 0xc, 0x8, 0x4, 0x3, 0xfffffe00, 0x7, 0x3, 0x800, 0x1, 0x4, 0x2, 0x4, 0x1, 0x801e, 0x7, 0x4, 0x0, 0x8, 0x5, 0x8001, 0x5, 0x1, 0x1000, 0x9, 0x3, 0x7ff, 0xd0, 0x8, 0x0, 0x3, 0x1, 0x9, 0xe, 0x1, 0xfffffff8, 0x7, 0x0, 0xb1, 0x3, 0xffffff44, 0x1, 0x8, 0xf, 0x6, 0x556, 0x1, 0x2c, 0x5, 0x80000001, 0x1, 0x0, 0xffffff00, 0x3, 0xffffffff, 0x7, 0x9, 0x1c00, 0x5, 0xa2, 0x3, 0x8, 0x0, 0x5, 0x8001, 0xbfffffff, 0x7, 0x80, 0x7, 0x0, 0x743, 0x5, 0x3, 0x7, 0x200, 0x5, 0x0, 0x8, 0x3, 0x100, 0x2, 0x8, 0x1, 0x1, 0x8, 0xe, 0x5, 0x6, 0x4, 0x7ff, 0x5, 0xfffffffe, 0x7, 0xf80, 0x7, 0x5a, 0x2302, 0xffff, 0x3ff, 0x2, 0x5, 0x1, 0x6, 0x3, 0x401, 0x10401, 0x512d, 0x1, 0xe, 0x2, 0xa3c0, 0x4, 0x8000, 0x10001, 0x15a, 0x6, 0x120000, 0x9, 0x7fffffff, 0x7, 0x9, 0x80000004, 0x5, 0x7e9, 0x48, 0x9, 0x3, 0x0, 0x5, 0x6, 0xf, 0xff, 0xd, 0x6, 0x9, 0x0, 0x200, 0x9, 0xff, 0x4, 0x7, 0x7, 0x8, 0x4, 0x56, 0x4a82, 0xffff0000, 0x7ff, 0x3e1, 0x6, 0x80000000, 0x4c0, 0x5, 0xa, 0x6, 0x2, 0x6, 0x8, 0x48, 0x1a, 0x2000000, 0x1ff, 0x844, 0x6, 0x3ff, 0x2, 0x100, 0x6, 0xffffffff, 0x200, 0xc26, 0x4, 0x5, 0x1, 0x7fff, 0xf, 0x401, 0x401, 0x4, 0x7, 0x3565, 0x2, 0x4, 0xebf, 0x9, 0x1000, 0x1, 0x71f, 0x2, 0x7, 0x6e8, 0x8, 0x0, 0x80000000, 0x6, 0x9, 0x2]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x800)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x38, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800c0001006d616376", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r6, @ANYBLOB="38c60400fe0000000000d7032ebe7ba9f2726c64513105d8cb5033fd65b736e274b6bd020087966e5da26c3959efeccf61000000"], 0x4c}}, 0x0)

300.649462ms ago: executing program 1 (id=3666):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0x400454c9, 0x3)
socket$inet6_sctp(0xa, 0x5, 0x84)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
lremovexattr(0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r2 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0x0)

267.667645ms ago: executing program 7 (id=3667):
writev(0xffffffffffffffff, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
recvmmsg(r0, &(0x7f0000005c80)=[{{0x0, 0x0, 0x0}}], 0x344, 0x10122, 0x0)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x8, 0x0, 0x0, 'queue0\x00', 0x3})
write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick=0x1f4, {}, {}, @raw32={[0x2600]}}], 0xffc8)
ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r1, 0x408c5333, &(0x7f0000000500)={0x0, 0xe, 0x1, 'queue0\x00'})

228.708418ms ago: executing program 5 (id=3668):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}}], {0x14}}, 0x88}}, 0x0)

109.028659ms ago: executing program 5 (id=3669):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000060000850000001b000000b700000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000240)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r4, &(0x7f0000000080)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}]}, 0x30}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000900)=@delchain={0x30, 0x2e, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xfff2, 0xffff}, {0x0, 0xd}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0)
syz_emit_ethernet(0x3a, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r6 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r6, 0x1, 0xf, 0x0, 0x0)
close(0x4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r7)
move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB], 0x2c}, 0x1, 0x0, 0x0, 0x20044894}, 0x20008810)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0)
futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
exit(0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
perf_event_open(&(0x7f0000000380)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0)
syz_emit_ethernet(0x2a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaafad1ee48716e08004500000200000000000000d0000000000000000000004e2000089078b0d29c71bf756f00000080000000003f895228bbc66f0cee3070d535319605f927da69ff76dd6edb76ed08e5b62caaaa36e0058c2ea84d4af4ca6eb140b54bfe07ad8baf85f05e11226d3180bcda29a13913ec00c52ed0b099d10f39bda4e4729b069c0119a1b17ac45a06333267f9afb49d855e58076e90aa132faa9cf06865f8a0ef5fcac9a96be2bf43af4ccbb65de2b4de1f8b6b93020db4570b493d33dc893b9576a7d1a1d63105dba56068f74fec7772ebb5a869"], 0x0)

101.74561ms ago: executing program 1 (id=3670):
socket$nl_route(0x10, 0x3, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r1, &(0x7f00000002c0)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000000), 0xffffffffffffff94, 0x12, 0x0, 0x12)
recvfrom$inet(r1, &(0x7f0000000100)=""/24, 0xfffffffffffffd5b, 0xc9100120, 0x0, 0xfffffffffffffd25)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x43, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r2, 0x0, 0x8}, 0x18)

0s ago: executing program 1 (id=3671):
syz_usb_connect$uac1(0x5, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x8604, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0x10000, 0x0, 0x6, 0x7, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c000200080001"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000680)=@newtfilter={0x43c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, 0x0, {0x0, 0x7}, {}, {0xffff, 0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x40c, 0x2, [@TCA_FLOW_POLICE={0x408, 0xa, 0x0, 0x1, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x81, 0xffffffff, 0xda, 0x3, 0x0, 0x2a, 0x100, 0x73d, 0x3509, 0x3, 0x10000, 0x7, 0x1000, 0x9, 0x3, 0x3, 0x882e, 0x8, 0x8, 0x2, 0x800009, 0xfffffffb, 0x2, 0x6, 0x80000000, 0x400, 0x9, 0xffff, 0x7a, 0x5, 0x7, 0x444, 0xffffff40, 0x9, 0x6, 0x8, 0x2, 0x57, 0x10, 0x4, 0x7fff, 0x9, 0xfffffffb, 0x2, 0xcf9f, 0x0, 0x1, 0x8, 0x1, 0x5, 0xfffffff9, 0xf8c800, 0x80000001, 0x6, 0x4, 0x9, 0x8, 0xfffffffd, 0x15, 0x7, 0xc, 0x8, 0x4, 0x3, 0xfffffe00, 0x7, 0x3, 0x800, 0x1, 0x4, 0x2, 0x4, 0x1, 0x801e, 0x7, 0x4, 0x0, 0x8, 0x5, 0x8001, 0x5, 0x1, 0x1000, 0x9, 0x3, 0x7ff, 0xd0, 0x8, 0x0, 0x3, 0x1, 0x9, 0xe, 0x1, 0xfffffff8, 0x7, 0x0, 0xb1, 0x3, 0xffffff44, 0x1, 0x8, 0xf, 0x6, 0x556, 0x1, 0x2c, 0x5, 0x80000001, 0x1, 0x0, 0xffffff00, 0x3, 0xffffffff, 0x7, 0x9, 0x1c00, 0x5, 0xa2, 0x3, 0x8, 0x0, 0x5, 0x8001, 0xbfffffff, 0x7, 0x80, 0x7, 0x0, 0x743, 0x5, 0x3, 0x7, 0x200, 0x5, 0x0, 0x8, 0x3, 0x100, 0x2, 0x8, 0x1, 0x1, 0x8, 0xe, 0x5, 0x6, 0x4, 0x7ff, 0x5, 0xfffffffe, 0x7, 0xf80, 0x7, 0x5a, 0x2302, 0xffff, 0x3ff, 0x2, 0x5, 0x1, 0x6, 0x3, 0x401, 0x10401, 0x512d, 0x1, 0xe, 0x2, 0xa3c0, 0x4, 0x8000, 0x10001, 0x15a, 0x6, 0x120000, 0x9, 0x7fffffff, 0x7, 0x9, 0x80000004, 0x5, 0x7e9, 0x48, 0x9, 0x3, 0x0, 0x5, 0x6, 0xf, 0xff, 0xd, 0x6, 0x9, 0x0, 0x200, 0x9, 0xff, 0x4, 0x7, 0x7, 0x8, 0x4, 0x56, 0x4a82, 0xffff0000, 0x7ff, 0x3e1, 0x6, 0x80000000, 0x4c0, 0x5, 0xa, 0x6, 0x2, 0x6, 0x8, 0x48, 0x1a, 0x2000000, 0x1ff, 0x844, 0x6, 0x3ff, 0x2, 0x100, 0x6, 0xffffffff, 0x200, 0xc26, 0x4, 0x5, 0x1, 0x7fff, 0xf, 0x401, 0x401, 0x4, 0x7, 0x3565, 0x2, 0x4, 0xebf, 0x9, 0x1000, 0x1, 0x71f, 0x2, 0x7, 0x6e8, 0x8, 0x0, 0x80000000, 0x6, 0x9, 0x2]}]}]}}]}, 0x43c}, 0x1, 0x0, 0x0, 0x1}, 0x800)
r4 = socket(0x200000000000011, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r5=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000740)=ANY=[@ANYBLOB="7000000010000304000080000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000003120100500012800b000100627269646765000040000280080005000100000006002700000000000800010015000800050025000000000008000400000000000c"], 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x40)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newlink={0x40, 0x10, 0x403, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, 0x500}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x8, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}]}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x40}, 0x1, 0x0, 0x0, 0x24000804}, 0x8000)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x1, 0x803, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00030000000000001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32=r9, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r9, @ANYBLOB="38c60400fe0000000000d7032ebe7ba9f2726c64513105d8cb5033fd65b736e274b6bd020087966e5da26c3959efeccf61000000"], 0x4c}}, 0x0)

kernel console output (not intermixed with test programs):

01] 8021q: adding VLAN 0 to HW filter on device bond7
[  564.726088][T17101] 8021q: adding VLAN 0 to HW filter on device bond7
[  564.733415][T17101] bond7: (slave vxcan5): The slave device specified does not support setting the MAC address
[  564.745558][T17101] bond7: (slave vxcan5): Error -95 calling set_mac_address
[  564.881024][T17109] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3346'.
[  564.891091][T17109] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3346'.
[  565.003312][T17112] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3345'.
[  565.314436][T17116] 9p: Bad value for 'wfdno'
[  565.332326][T17116] loop1: detected capacity change from 0 to 512
[  565.390494][T17116] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  565.400619][T17116] EXT4-fs (loop1): orphan cleanup on readonly fs
[  565.418261][T17116] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.3348: corrupted inode contents
[  565.431265][T17116] EXT4-fs (loop1): Remounting filesystem read-only
[  565.438930][T17116] EXT4-fs (loop1): 1 truncate cleaned up
[  565.444837][ T5454] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  565.455585][ T5454] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  565.523193][ T5454] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  565.534067][T17116] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  565.571450][T17122] 9p: Bad value for 'wfdno'
[  565.580768][T17122] loop7: detected capacity change from 0 to 512
[  565.608030][T15846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  565.618810][T17122] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  565.646253][T17122] EXT4-fs (loop7): orphan cleanup on readonly fs
[  565.664506][T17122] EXT4-fs error (device loop7): ext4_do_update_inode:5617: inode #16: comm syz.7.3350: corrupted inode contents
[  565.678130][T17122] EXT4-fs (loop7): Remounting filesystem read-only
[  565.684880][T17122] EXT4-fs (loop7): 1 truncate cleaned up
[  565.690850][ T5454] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  565.701593][ T5454] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  565.765973][ T5454] EXT4-fs (loop7): Quota write (off=8, len=24) cancelled because transaction is not started
[  565.796951][T17122] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  565.895130][T12917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  566.558217][T17148] 9p: Bad value for 'wfdno'
[  566.569763][T17148] loop5: detected capacity change from 0 to 512
[  566.598790][T17148] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  566.620086][T17148] EXT4-fs (loop5): orphan cleanup on readonly fs
[  566.642876][T17148] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.3356: corrupted inode contents
[  566.669347][T17148] EXT4-fs (loop5): Remounting filesystem read-only
[  566.686505][T17154] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3358'.
[  566.696272][T17154] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3358'.
[  566.697430][T17148] EXT4-fs (loop5): 1 truncate cleaned up
[  566.711560][   T52] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  566.722193][   T52] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  566.733283][   T52] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  566.744243][T17148] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  566.774330][ T8549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  566.884680][T17157] netlink: 'syz.5.3359': attribute type 27 has an invalid length.
[  566.892608][T17157] netlink: 'syz.5.3359': attribute type 4 has an invalid length.
[  566.900450][T17157] netlink: 144 bytes leftover after parsing attributes in process `syz.5.3359'.
[  566.940437][T17159] netlink: 'syz.3.3360': attribute type 1 has an invalid length.
[  566.956803][   T29] kauditd_printk_skb: 287 callbacks suppressed
[  566.956833][   T29] audit: type=1400 audit(1766885247.837:29728): avc:  denied  { read write } for  pid=17160 comm="syz.7.3361" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  566.985341][T17159] 8021q: adding VLAN 0 to HW filter on device bond8
[  566.986887][   T29] audit: type=1400 audit(1766885247.837:29729): avc:  denied  { open } for  pid=17160 comm="syz.7.3361" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  567.018122][T17161] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  567.039050][   T29] audit: type=1400 audit(1766885247.897:29730): avc:  denied  { ioctl } for  pid=17160 comm="syz.7.3361" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  567.080501][   T29] audit: type=1400 audit(1766885247.957:29731): avc:  denied  { create } for  pid=17158 comm="syz.3.3360" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  567.100495][   T29] audit: type=1400 audit(1766885247.957:29732): avc:  denied  { ioctl } for  pid=17158 comm="syz.3.3360" path="socket:[48754]" dev="sockfs" ino=48754 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  567.127392][T17163] 8021q: adding VLAN 0 to HW filter on device bond8
[  567.134212][T17161] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  567.154787][T17163] bond8: (slave vxcan5): The slave device specified does not support setting the MAC address
[  567.178418][   T29] audit: type=1400 audit(1766885248.057:29733): avc:  denied  { mount } for  pid=17165 comm="syz.1.3362" name="/" dev="ramfs" ino=48762 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[  567.187861][T17163] bond8: (slave vxcan5): Error -95 calling set_mac_address
[  567.312728][   T29] audit: type=1400 audit(1766885248.077:29734): avc:  denied  { execmem } for  pid=17165 comm="syz.1.3362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[  567.592370][T17172] loop1: detected capacity change from 0 to 1024
[  567.627799][T17172] EXT4-fs: Ignoring removed bh option
[  567.649444][T17172] EXT4-fs: inline encryption not supported
[  567.701323][T17172] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  567.868119][T17178] loop4: detected capacity change from 0 to 1024
[  567.874931][T17178] EXT4-fs: Ignoring removed bh option
[  567.894181][T17178] EXT4-fs: inline encryption not supported
[  567.902750][T17172] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  567.927429][T17172] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 2: comm syz.1.3362: lblock 2 mapped to illegal pblock 2 (length 1)
[  567.965087][T17172] Quota error (device loop1): qtree_write_dquot: dquota write failed
[  567.978067][T17178] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  567.993933][T17172] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 48: comm syz.1.3362: lblock 0 mapped to illegal pblock 48 (length 1)
[  568.045947][T17172] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  568.054777][T17172] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.3362: Failed to acquire dquot type 0
[  568.066609][T17172] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  568.076554][T17172] EXT4-fs error (device loop1): ext4_evict_inode:253: inode #11: comm syz.1.3362: mark_inode_dirty error
[  568.088290][T17172] EXT4-fs warning (device loop1): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  568.098885][T17172] EXT4-fs (loop1): 1 orphan inode deleted
[  568.105196][T17172] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  568.178609][ T2053] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  568.217063][ T2053] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  568.225600][ T2053] EXT4-fs error (device loop1): ext4_release_dquot:7022: comm kworker/u8:8: Failed to release dquot type 0
[  568.243469][T17178] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  568.303070][T17178] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 2: comm syz.4.3363: lblock 2 mapped to illegal pblock 2 (length 1)
[  568.336316][T17192] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  568.361740][T17190] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3364'.
[  568.590314][T17178] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 48: comm syz.4.3363: lblock 0 mapped to illegal pblock 48 (length 1)
[  568.688755][T17191] loop7: detected capacity change from 0 to 1024
[  568.705829][T17178] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3363: Failed to acquire dquot type 0
[  568.740459][T17191] EXT4-fs: Ignoring removed bh option
[  568.788038][T17191] EXT4-fs: inline encryption not supported
[  568.812965][T17178] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  568.861927][T17191] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  568.887024][T17178] EXT4-fs error (device loop4): ext4_evict_inode:253: inode #11: comm syz.4.3363: mark_inode_dirty error
[  568.994315][T17191] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  569.017922][T17178] EXT4-fs warning (device loop4): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  569.048878][T17191] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 2: comm syz.7.3365: lblock 2 mapped to illegal pblock 2 (length 1)
[  569.098252][T17178] EXT4-fs (loop4): 1 orphan inode deleted
[  569.116252][ T2053] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  569.166690][T17178] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  569.175804][T17191] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 48: comm syz.7.3365: lblock 0 mapped to illegal pblock 48 (length 1)
[  569.200444][ T2053] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:8: Failed to release dquot type 0
[  569.284206][T17191] EXT4-fs error (device loop7): ext4_acquire_dquot:6986: comm syz.7.3365: Failed to acquire dquot type 0
[  569.339450][T17191] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  569.385789][T17191] EXT4-fs error (device loop7): ext4_evict_inode:253: inode #11: comm syz.7.3365: mark_inode_dirty error
[  569.445275][T17191] EXT4-fs warning (device loop7): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  569.530493][T17191] EXT4-fs (loop7): 1 orphan inode deleted
[  569.545692][  T157] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1)
[  569.572579][  T157] EXT4-fs error (device loop7): ext4_release_dquot:7022: comm kworker/u8:4: Failed to release dquot type 0
[  569.599203][T17191] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  570.217103][T17196] 8021q: adding VLAN 0 to HW filter on device bond9
[  570.268217][T17196] macvlan2: entered promiscuous mode
[  570.273585][T17196] macvlan2: entered allmulticast mode
[  570.300979][T15846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  570.326011][T15846] EXT4-fs error (device loop1): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  570.365649][T15846] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  570.394341][T15846] EXT4-fs error (device loop1): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  570.410520][T17199] 9p: Bad value for 'wfdno'
[  570.438049][T17199] loop5: detected capacity change from 0 to 512
[  570.541503][T17199] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  570.557349][T13994] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  570.567687][T17199] EXT4-fs (loop5): orphan cleanup on readonly fs
[  570.585220][T17199] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.3369: corrupted inode contents
[  570.608851][T13994] EXT4-fs error (device loop4): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  570.635111][T17199] EXT4-fs (loop5): Remounting filesystem read-only
[  570.647225][T13994] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  570.656484][T17199] EXT4-fs (loop5): 1 truncate cleaned up
[  570.662432][T10579] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  570.673025][T10579] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  570.684769][T13994] EXT4-fs error (device loop4): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  570.715533][T10579] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  570.737437][T17199] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  570.757158][T17204] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3368'.
[  570.818396][ T8549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  571.003049][T17210] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3371'.
[  571.026287][T17210] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3371'.
[  571.142749][T12917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  571.164114][T12917] EXT4-fs error (device loop7): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  571.218547][T12917] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  571.235776][T12917] EXT4-fs error (device loop7): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  571.317254][T17221] loop7: detected capacity change from 0 to 128
[  571.330817][T17218] netlink: 'syz.5.3375': attribute type 27 has an invalid length.
[  571.338808][T17218] netlink: 'syz.5.3375': attribute type 4 has an invalid length.
[  571.346794][T17218] netlink: 144 bytes leftover after parsing attributes in process `syz.5.3375'.
[  571.404239][T17221] netlink: 3 bytes leftover after parsing attributes in process `syz.7.3374'.
[  571.429960][T17221] 0�X���: renamed from caif0
[  571.447857][T17221] 0�X���: entered allmulticast mode
[  571.453167][T17221] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  571.476090][T17223] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3370'.
[  571.568700][T17226] loop1: detected capacity change from 0 to 512
[  571.571874][T17221] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  571.592559][T17221] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  571.626490][T17226] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.3376: invalid indirect mapped block 4294967295 (level 1)
[  571.709002][T17226] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.3376: invalid indirect mapped block 4294967295 (level 1)
[  571.769596][T17226] EXT4-fs (loop1): 2 truncates cleaned up
[  571.776231][T17226] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  571.790509][T17226] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  572.083958][   T29] kauditd_printk_skb: 198 callbacks suppressed
[  572.083973][   T29] audit: type=1326 audit(1766885252.957:29921): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.5.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  572.117913][T17233] __nla_validate_parse: 1 callbacks suppressed
[  572.117942][T17233] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3378'.
[  572.136202][T17234] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3377'.
[  572.156772][T17233] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3378'.
[  572.172730][   T29] audit: type=1326 audit(1766885252.987:29922): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.5.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  572.196434][   T29] audit: type=1326 audit(1766885252.987:29923): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.5.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  572.220590][   T29] audit: type=1326 audit(1766885252.987:29924): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.5.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  572.244408][   T29] audit: type=1326 audit(1766885252.997:29925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.5.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  572.268405][   T29] audit: type=1326 audit(1766885252.997:29926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.5.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  572.292184][   T29] audit: type=1326 audit(1766885252.997:29927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.5.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  572.315935][   T29] audit: type=1326 audit(1766885252.997:29928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.5.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  572.339844][   T29] audit: type=1326 audit(1766885252.997:29929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.5.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  572.363446][   T29] audit: type=1326 audit(1766885252.997:29930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17232 comm="syz.5.3378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  572.770250][T17239] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3380'.
[  572.781039][T17239] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3380'.
[  573.269804][T17245] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3382'.
[  573.374109][T17246] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3381'.
[  573.412670][T17248] netlink: 'syz.3.3383': attribute type 1 has an invalid length.
[  573.454249][T17248] 8021q: adding VLAN 0 to HW filter on device bond10
[  573.582623][T17251] 8021q: adding VLAN 0 to HW filter on device bond10
[  573.625285][T17254] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3384'.
[  573.634899][T17254] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3384'.
[  573.635312][T17251] bond10: (slave vxcan5): The slave device specified does not support setting the MAC address
[  573.698263][T17251] bond10: (slave vxcan5): Error -95 calling set_mac_address
[  573.766198][T17259] 9p: Bad value for 'wfdno'
[  573.776764][T17259] loop1: detected capacity change from 0 to 512
[  573.807620][T17259] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  573.946292][T17259] EXT4-fs (loop1): orphan cleanup on readonly fs
[  574.015807][T17259] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.3385: corrupted inode contents
[  574.037695][T17259] EXT4-fs (loop1): Remounting filesystem read-only
[  574.044540][T17259] EXT4-fs (loop1): 1 truncate cleaned up
[  574.050528][T15235] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  574.061121][T15235] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  574.075545][T15235] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  574.086474][T17259] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  574.101271][T17263] netlink: 'syz.4.3386': attribute type 1 has an invalid length.
[  574.167709][T17263] 8021q: adding VLAN 0 to HW filter on device bond7
[  574.189343][T15846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  574.255638][T17263] macvlan3: entered promiscuous mode
[  574.260992][T17263] macvlan3: entered allmulticast mode
[  574.270855][T17263] bond7: entered promiscuous mode
[  574.276339][T17263] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  574.312394][T17263] bond7: left promiscuous mode
[  574.349833][T17269] netlink: 'syz.1.3388': attribute type 1 has an invalid length.
[  574.369521][T17269] 8021q: adding VLAN 0 to HW filter on device bond5
[  574.410144][T17269] 8021q: adding VLAN 0 to HW filter on device bond5
[  574.418715][T17269] bond5: (slave vxcan3): The slave device specified does not support setting the MAC address
[  574.440986][T17269] bond5: (slave vxcan3): Error -95 calling set_mac_address
[  574.564444][T17275] 9p: Bad value for 'wfdno'
[  574.574123][T17275] loop5: detected capacity change from 0 to 512
[  574.601197][T17275] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  574.612536][T17275] EXT4-fs (loop5): orphan cleanup on readonly fs
[  574.635304][T17275] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.3389: corrupted inode contents
[  574.648763][T17275] EXT4-fs (loop5): Remounting filesystem read-only
[  574.655397][T17275] EXT4-fs (loop5): 1 truncate cleaned up
[  574.661323][T13281] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  574.671944][T13281] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  574.683668][T13281] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  574.694380][T17275] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  574.746345][ T8549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  574.929775][T17287] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3393'.
[  574.939465][T17286] netlink: 'syz.5.3392': attribute type 1 has an invalid length.
[  575.009436][T17286] 8021q: adding VLAN 0 to HW filter on device bond14
[  575.202452][T17283] loop3: detected capacity change from 0 to 1024
[  575.209342][T17283] EXT4-fs: Ignoring removed bh option
[  575.214808][T17283] EXT4-fs: inline encryption not supported
[  575.221145][T17283] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  575.272845][T17283] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  575.283595][T17283] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 2: comm syz.3.3394: lblock 2 mapped to illegal pblock 2 (length 1)
[  575.301093][T17283] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 48: comm syz.3.3394: lblock 0 mapped to illegal pblock 48 (length 1)
[  575.315628][T17283] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3394: Failed to acquire dquot type 0
[  575.327093][T17283] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  575.336683][T17283] EXT4-fs error (device loop3): ext4_evict_inode:253: inode #11: comm syz.3.3394: mark_inode_dirty error
[  575.348175][T17283] EXT4-fs warning (device loop3): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  575.358855][T17283] EXT4-fs (loop3): 1 orphan inode deleted
[  575.365023][T17283] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  575.377560][ T6953] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:14: lblock 1 mapped to illegal pblock 1 (length 1)
[  575.445790][ T6953] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:14: Failed to release dquot type 0
[  575.499712][T14580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  575.510590][T17301] loop1: detected capacity change from 0 to 1024
[  575.517418][T14580] EXT4-fs error (device loop3): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  575.548787][T17301] EXT4-fs: Ignoring removed bh option
[  575.557853][T14580] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  575.567719][T14580] EXT4-fs error (device loop3): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  575.581381][T17301] EXT4-fs: inline encryption not supported
[  575.589540][T17301] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  575.633322][T17305] 9p: Bad value for 'wfdno'
[  575.643741][T17305] loop3: detected capacity change from 0 to 512
[  575.662016][T17301] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  575.674279][T17306] loop4: detected capacity change from 0 to 1024
[  575.681940][T17301] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 2: comm syz.1.3395: lblock 2 mapped to illegal pblock 2 (length 1)
[  575.705882][T17305] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  575.714042][T17305] EXT4-fs (loop3): orphan cleanup on readonly fs
[  575.727272][T17305] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.3397: corrupted inode contents
[  575.773230][T17305] EXT4-fs (loop3): Remounting filesystem read-only
[  575.822004][T17305] EXT4-fs (loop3): 1 truncate cleaned up
[  575.827998][   T52] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  575.838662][   T52] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  575.853592][T17301] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 48: comm syz.1.3395: lblock 0 mapped to illegal pblock 48 (length 1)
[  575.866770][T17311] 9p: Bad value for 'wfdno'
[  575.877974][T17311] loop5: detected capacity change from 0 to 512
[  575.896081][T17306] EXT4-fs: Ignoring removed bh option
[  575.901552][T17306] EXT4-fs: inline encryption not supported
[  575.916473][T17311] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  575.926259][T17311] EXT4-fs (loop5): orphan cleanup on readonly fs
[  575.933217][T17306] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  575.945471][T17311] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.3398: corrupted inode contents
[  575.945548][   T52] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  575.975880][T17311] EXT4-fs (loop5): Remounting filesystem read-only
[  575.984145][T17306] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  575.999323][T17305] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  576.023357][T17311] EXT4-fs (loop5): 1 truncate cleaned up
[  576.030057][ T5454] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  576.040684][ T5454] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  576.052117][T14580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  576.064578][T17316] 9p: Bad value for 'wfdno'
[  576.070216][T17306] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 2: comm syz.4.3396: lblock 2 mapped to illegal pblock 2 (length 1)
[  576.088786][T17316] loop7: detected capacity change from 0 to 512
[  576.099098][ T5454] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  576.109564][T17301] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.3395: Failed to acquire dquot type 0
[  576.149203][T17311] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  576.163015][T17316] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  576.177469][T17301] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  576.191978][T17306] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 48: comm syz.4.3396: lblock 0 mapped to illegal pblock 48 (length 1)
[  576.192106][ T8549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  576.207158][T17306] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3396: Failed to acquire dquot type 0
[  576.226930][T17306] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  576.236709][T17306] EXT4-fs error (device loop4): ext4_evict_inode:253: inode #11: comm syz.4.3396: mark_inode_dirty error
[  576.248425][T17306] EXT4-fs warning (device loop4): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  576.256439][T17316] EXT4-fs (loop7): orphan cleanup on readonly fs
[  576.265025][T17306] EXT4-fs (loop4): 1 orphan inode deleted
[  576.271334][T17306] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  576.284049][ T5454] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:13: lblock 1 mapped to illegal pblock 1 (length 1)
[  576.313859][T17301] EXT4-fs error (device loop1): ext4_evict_inode:253: inode #11: comm syz.1.3395: mark_inode_dirty error
[  576.337409][T17316] EXT4-fs error (device loop7): ext4_do_update_inode:5617: inode #16: comm syz.7.3399: corrupted inode contents
[  576.360367][ T5454] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:13: Failed to release dquot type 0
[  576.373263][T17301] EXT4-fs warning (device loop1): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  576.386371][T17316] EXT4-fs (loop7): Remounting filesystem read-only
[  576.412174][T17316] EXT4-fs (loop7): 1 truncate cleaned up
[  576.421060][T17326] netlink: 'syz.5.3401': attribute type 1 has an invalid length.
[  576.430940][T17301] EXT4-fs (loop1): 1 orphan inode deleted
[  576.437117][ T2053] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  576.447890][ T2053] EXT4-fs (loop7): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  576.465970][T17301] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  576.490255][T17326] 8021q: adding VLAN 0 to HW filter on device bond15
[  576.497079][ T2053] EXT4-fs (loop7): Quota write (off=8, len=24) cancelled because transaction is not started
[  576.548159][ T2053] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:8: lblock 1 mapped to illegal pblock 1 (length 1)
[  576.609200][T17330] 8021q: adding VLAN 0 to HW filter on device bond15
[  576.616606][T17330] bond15: (slave vxcan5): The slave device specified does not support setting the MAC address
[  576.635662][ T2053] EXT4-fs error (device loop1): ext4_release_dquot:7022: comm kworker/u8:8: Failed to release dquot type 0
[  576.650955][T17330] bond15: (slave vxcan5): Error -95 calling set_mac_address
[  576.667729][T17316] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  576.697791][T12917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  576.931358][T17340] loop7: detected capacity change from 0 to 128
[  576.984521][T17340] 1�X���: renamed from 
60�X���
[  577.017809][T17340] A link change request failed with some changes committed already. Interface 
61�X��� may have been left with an inconsistent configuration, please check.
[  577.100830][T17340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  577.115744][T17340] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  577.285169][T15846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  577.315799][T15846] EXT4-fs error (device loop1): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  577.345707][T15846] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  577.393763][T15846] EXT4-fs error (device loop1): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  577.412200][T17346] __nla_validate_parse: 3 callbacks suppressed
[  577.412220][T17346] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3406'.
[  578.004917][T17357] loop7: detected capacity change from 0 to 512
[  578.024579][T17348] loop1: detected capacity change from 0 to 1024
[  578.031420][T17348] EXT4-fs: Ignoring removed bh option
[  578.036951][T17348] EXT4-fs: inline encryption not supported
[  578.043156][T17348] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  578.056262][T17348] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  578.065307][T17348] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 2: comm syz.1.3408: lblock 2 mapped to illegal pblock 2 (length 1)
[  578.079818][T17348] __quota_error: 186 callbacks suppressed
[  578.079862][T17348] Quota error (device loop1): qtree_write_dquot: dquota write failed
[  578.093747][T17348] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 48: comm syz.1.3408: lblock 0 mapped to illegal pblock 48 (length 1)
[  578.108325][T17348] Quota error (device loop1): v2_write_file_info: Can't write info structure
[  578.112001][T17357] EXT4-fs error (device loop7): ext4_get_branch:178: inode #11: block 4294967295: comm syz.7.3411: invalid block
[  578.117237][T17348] EXT4-fs error (device loop1): ext4_acquire_dquot:6986: comm syz.1.3408: Failed to acquire dquot type 0
[  578.140538][T17348] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  578.150088][T17348] EXT4-fs error (device loop1): ext4_evict_inode:253: inode #11: comm syz.1.3408: mark_inode_dirty error
[  578.161647][T17348] EXT4-fs warning (device loop1): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  578.161668][T17357] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm syz.7.3411: invalid indirect mapped block 4294967295 (level 1)
[  578.171903][T17348] EXT4-fs (loop1): 1 orphan inode deleted
[  578.172812][T17348] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  578.186884][T13268] EXT4-fs error (device loop1): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:29: lblock 1 mapped to illegal pblock 1 (length 1)
[  578.238565][T17357] EXT4-fs error (device loop7): ext4_free_branches:1023: inode #11: comm syz.7.3411: invalid indirect mapped block 4294967295 (level 1)
[  578.276449][T17357] EXT4-fs (loop7): 2 truncates cleaned up
[  578.289517][T17357] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  578.313436][T13268] Quota error (device loop1): remove_tree: Can't read quota data block 1
[  578.321963][T13268] EXT4-fs error (device loop1): ext4_release_dquot:7022: comm kworker/u8:29: Failed to release dquot type 0
[  578.372087][T13994] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.391652][T13994] EXT4-fs error (device loop4): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  578.406383][T12917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.406512][T15846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.415433][T13994] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  578.447646][T13994] EXT4-fs error (device loop4): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  578.462539][T15846] EXT4-fs error (device loop1): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  578.497613][T17361] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3413'.
[  578.516117][T15846] EXT4-fs error (device loop1) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  578.530500][T15846] EXT4-fs error (device loop1): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  578.540285][T17363] loop4: detected capacity change from 0 to 512
[  578.553847][T17363] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm gtp: invalid indirect mapped block 4294967295 (level 1)
[  578.569870][T17363] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #11: comm gtp: invalid indirect mapped block 4294967295 (level 1)
[  578.584394][T17363] EXT4-fs (loop4): 2 truncates cleaned up
[  578.621098][T17363] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  578.639020][T17367] loop1: detected capacity change from 0 to 128
[  578.647972][T17367] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3414'.
[  578.658496][T17367] 0�X���: renamed from caif0
[  578.665150][T17367] 0�X���: entered allmulticast mode
[  578.670508][T17367] A link change request failed with some changes committed already. Interface 
60�X��� may have been left with an inconsistent configuration, please check.
[  578.697975][T17367] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3414'.
[  578.712724][T17363] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  578.729856][T17367] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  578.745711][T17367] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  578.769568][T17363] netlink: 44 bytes leftover after parsing attributes in process `gtp'.
[  579.107231][T17375] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3417'.
[  579.624939][T17390] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3416'.
[  579.662727][T17379] EXT4-fs: Ignoring removed bh option
[  579.668396][T17379] EXT4-fs: inline encryption not supported
[  579.704427][T17379] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  579.718503][T17379] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  579.727566][T17379] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 2: comm syz.4.3420: lblock 2 mapped to illegal pblock 2 (length 1)
[  579.741664][T17379] Quota error (device loop4): qtree_write_dquot: dquota write failed
[  579.749794][T17379] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 48: comm syz.4.3420: lblock 0 mapped to illegal pblock 48 (length 1)
[  579.764183][T17379] Quota error (device loop4): v2_write_file_info: Can't write info structure
[  579.773008][T17379] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3420: Failed to acquire dquot type 0
[  579.789678][T17379] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  579.799259][T17379] EXT4-fs error (device loop4): ext4_evict_inode:253: inode #11: comm syz.4.3420: mark_inode_dirty error
[  579.811186][T17379] EXT4-fs warning (device loop4): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  579.821505][T17379] EXT4-fs (loop4): 1 orphan inode deleted
[  579.827869][T17379] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  579.843389][T16929] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:40: lblock 1 mapped to illegal pblock 1 (length 1)
[  579.909129][T16929] Quota error (device loop4): remove_tree: Can't read quota data block 1
[  579.917775][T16929] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:40: Failed to release dquot type 0
[  579.967754][T17392] EXT4-fs: Ignoring removed bh option
[  579.973237][T17392] EXT4-fs: inline encryption not supported
[  580.076993][T17392] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  580.116817][T17392] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  580.179551][T13994] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  580.189448][T17392] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 2: comm syz.7.3421: lblock 2 mapped to illegal pblock 2 (length 1)
[  580.245923][T13994] EXT4-fs error (device loop4): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  580.280375][T17392] Quota error (device loop7): qtree_write_dquot: dquota write failed
[  580.293822][T13994] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  580.300801][T17392] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 48: comm syz.7.3421: lblock 0 mapped to illegal pblock 48 (length 1)
[  580.318012][T17392] Quota error (device loop7): v2_write_file_info: Can't write info structure
[  580.325996][T13994] EXT4-fs error (device loop4): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  580.327107][T17392] EXT4-fs error (device loop7): ext4_acquire_dquot:6986: comm syz.7.3421: Failed to acquire dquot type 0
[  580.365234][T17392] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  580.408202][T17392] EXT4-fs error (device loop7): ext4_evict_inode:253: inode #11: comm syz.7.3421: mark_inode_dirty error
[  580.421534][T17392] EXT4-fs warning (device loop7): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  580.431990][T17392] EXT4-fs (loop7): 1 orphan inode deleted
[  580.438132][T17392] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  580.451046][ T7943] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:16: lblock 1 mapped to illegal pblock 1 (length 1)
[  580.468675][ T7943] Quota error (device loop7): remove_tree: Can't read quota data block 1
[  580.477230][ T7943] EXT4-fs error (device loop7): ext4_release_dquot:7022: comm kworker/u8:16: Failed to release dquot type 0
[  580.542685][T17402] set_capacity_and_notify: 2 callbacks suppressed
[  580.542718][T17402] loop4: detected capacity change from 0 to 1024
[  580.558397][T17402] EXT4-fs: Ignoring removed oldalloc option
[  580.564394][T17402] EXT4-fs: Ignoring removed nomblk_io_submit option
[  580.615765][T17403] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3422'.
[  580.817168][T12917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  580.827318][T17402] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  580.944080][T12917] EXT4-fs error (device loop7): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  580.967953][T13994] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  581.005766][T12917] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  581.025499][T12917] EXT4-fs error (device loop7): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  581.136444][   T29] audit: type=1326 audit(1766885262.017:30078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17408 comm="syz.7.3425" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3d176f749 code=0x7ffc0000
[  581.176156][T17409] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3425'.
[  581.209482][T17409] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3425'.
[  581.400778][T17420] loop3: detected capacity change from 0 to 1024
[  581.420592][T17420] EXT4-fs: Ignoring removed bh option
[  581.426258][T17420] EXT4-fs: inline encryption not supported
[  581.436089][T17420] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  581.494594][T17423] netlink: 'syz.1.3430': attribute type 1 has an invalid length.
[  581.508145][T17420] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  581.558384][T17423] 8021q: adding VLAN 0 to HW filter on device bond6
[  581.611859][T17423] 8021q: adding VLAN 0 to HW filter on device bond6
[  581.615065][T17420] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 2: comm syz.3.3426: lblock 2 mapped to illegal pblock 2 (length 1)
[  581.637784][T17423] bond6: (slave vxcan3): The slave device specified does not support setting the MAC address
[  581.652344][T17423] bond6: (slave vxcan3): Error -95 calling set_mac_address
[  581.682556][T17420] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 48: comm syz.3.3426: lblock 0 mapped to illegal pblock 48 (length 1)
[  581.761274][T17420] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3426: Failed to acquire dquot type 0
[  581.849188][T17420] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  581.926276][T17420] EXT4-fs error (device loop3): ext4_evict_inode:253: inode #11: comm syz.3.3426: mark_inode_dirty error
[  581.966358][T17420] EXT4-fs warning (device loop3): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  582.018809][T17420] EXT4-fs (loop3): 1 orphan inode deleted
[  582.036098][T11872] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:21: lblock 1 mapped to illegal pblock 1 (length 1)
[  582.055522][T11872] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:21: Failed to release dquot type 0
[  582.072359][T17420] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  582.474830][T17441] __nla_validate_parse: 1 callbacks suppressed
[  582.474850][T17441] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3434'.
[  582.703799][T17439] syz.1.3434 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  582.718072][T17439] CPU: 0 UID: 0 PID: 17439 Comm: syz.1.3434 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  582.718145][T17439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  582.718163][T17439] Call Trace:
[  582.718173][T17439]  <TASK>
[  582.718183][T17439]  __dump_stack+0x1d/0x30
[  582.718234][T17439]  dump_stack_lvl+0x95/0xd0
[  582.718257][T17439]  dump_stack+0x15/0x1b
[  582.718286][T17439]  dump_header+0x81/0x240
[  582.718315][T17439]  oom_kill_process+0x295/0x350
[  582.718354][T17439]  out_of_memory+0x97b/0xb80
[  582.718387][T17439]  try_charge_memcg+0x610/0xa10
[  582.718423][T17439]  obj_cgroup_charge_pages+0xa6/0x150
[  582.718516][T17439]  __memcg_kmem_charge_page+0x9f/0x170
[  582.718563][T17439]  __alloc_frozen_pages_noprof+0x18f/0x360
[  582.718595][T17439]  alloc_pages_mpol+0xb3/0x260
[  582.718653][T17439]  alloc_pages_noprof+0x90/0x130
[  582.718775][T17439]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  582.718825][T17439]  __kvmalloc_node_noprof+0x492/0x6b0
[  582.718884][T17439]  ? ip_set_alloc+0x24/0x30
[  582.718916][T17439]  ? ip_set_alloc+0x24/0x30
[  582.719008][T17439]  ip_set_alloc+0x24/0x30
[  582.719050][T17439]  hash_netiface_create+0x282/0x740
[  582.719092][T17439]  ? __pfx_hash_netiface_create+0x10/0x10
[  582.719159][T17439]  ip_set_create+0x3cc/0x970
[  582.719189][T17439]  ? __nla_parse+0x40/0x60
[  582.719226][T17439]  nfnetlink_rcv_msg+0x4c6/0x590
[  582.719306][T17439]  netlink_rcv_skb+0x123/0x220
[  582.719395][T17439]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  582.719433][T17439]  nfnetlink_rcv+0x167/0x16c0
[  582.719588][T17439]  ? kmem_cache_free+0xe3/0x3a0
[  582.719623][T17439]  ? __kfree_skb+0x109/0x150
[  582.719659][T17439]  ? nlmon_xmit+0x4f/0x60
[  582.719685][T17439]  ? consume_skb+0x49/0x150
[  582.719714][T17439]  ? nlmon_xmit+0x4f/0x60
[  582.719824][T17439]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  582.719860][T17439]  ? __dev_queue_xmit+0x138d/0x1ec0
[  582.719957][T17439]  ? __dev_queue_xmit+0x148/0x1ec0
[  582.719996][T17439]  ? ref_tracker_free+0x37d/0x3e0
[  582.720032][T17439]  ? __netlink_deliver_tap+0x4dc/0x500
[  582.720104][T17439]  netlink_unicast+0x5c0/0x690
[  582.720160][T17439]  netlink_sendmsg+0x58b/0x6b0
[  582.720206][T17439]  ? __pfx_netlink_sendmsg+0x10/0x10
[  582.720254][T17439]  __sock_sendmsg+0x145/0x180
[  582.720317][T17439]  ____sys_sendmsg+0x31e/0x4a0
[  582.720363][T17439]  ___sys_sendmsg+0x17b/0x1d0
[  582.720430][T17439]  __x64_sys_sendmsg+0xd4/0x160
[  582.720476][T17439]  x64_sys_call+0x17ba/0x3000
[  582.720542][T17439]  do_syscall_64+0xca/0x2b0
[  582.720585][T17439]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  582.720677][T17439] RIP: 0033:0x7f9a0541f749
[  582.720754][T17439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  582.720773][T17439] RSP: 002b:00007f9a03e87038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  582.720820][T17439] RAX: ffffffffffffffda RBX: 00007f9a05675fa0 RCX: 00007f9a0541f749
[  582.720837][T17439] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  582.720853][T17439] RBP: 00007f9a054a3f91 R08: 0000000000000000 R09: 0000000000000000
[  582.720869][T17439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  582.720938][T17439] R13: 00007f9a05676038 R14: 00007f9a05675fa0 R15: 00007ffe43992718
[  582.720963][T17439]  </TASK>
[  582.720973][T17439] memory: usage 307200kB, limit 307200kB, failcnt 10354
[  583.052769][T17439] memory+swap: usage 307380kB, limit 9007199254740988kB, failcnt 0
[  583.060747][T17439] kmem: usage 307128kB, limit 9007199254740988kB, failcnt 0
[  583.068083][T17439] Memory cgroup stats for /syz1:
[  583.068314][T17452] loop4: detected capacity change from 0 to 1024
[  583.095787][T17439] cache 0
[  583.098980][T17439] rss 28672
[  583.102113][T17439] shmem 0
[  583.105091][T17439] mapped_file 0
[  583.108616][T17439] dirty 0
[  583.111579][T17439] writeback 0
[  583.114877][T17439] workingset_refault_anon 2372
[  583.119758][T17439] workingset_refault_file 9664
[  583.124550][T17439] swap 184320
[  583.128043][T17439] swapcached 32768
[  583.131827][T17439] pgpgin 544947
[  583.135414][T17439] pgpgout 544929
[  583.139086][T17439] pgfault 645910
[  583.142702][T17439] pgmajfault 1554
[  583.146384][T17439] inactive_anon 32768
[  583.150385][T17439] active_anon 0
[  583.153950][T17439] inactive_file 40960
[  583.157970][T17439] active_file 0
[  583.161449][T17439] unevictable 0
[  583.165024][T17439] hierarchical_memory_limit 314572800
[  583.170447][T17439] hierarchical_memsw_limit 9223372036854771712
[  583.176664][T17439] total_cache 0
[  583.180150][T17439] total_rss 28672
[  583.183811][T17439] total_shmem 0
[  583.187333][T17439] total_mapped_file 0
[  583.191338][T17439] total_dirty 0
[  583.194809][T17439] total_writeback 0
[  583.198678][T17439] total_workingset_refault_anon 2372
[  583.203972][T17439] total_workingset_refault_file 9664
[  583.209367][T17439] total_swap 184320
[  583.213185][T17439] total_swapcached 32768
[  583.217469][T17439] total_pgpgin 544947
[  583.221482][T17439] total_pgpgout 544929
[  583.225626][T17439] total_pgfault 645910
[  583.229172][T17452] EXT4-fs: Ignoring removed oldalloc option
[  583.229723][T17439] total_pgmajfault 1554
[  583.235955][T17452] EXT4-fs: Ignoring removed nomblk_io_submit option
[  583.240110][T17439] total_inactive_anon 32768
[  583.240124][T17439] total_active_anon 0
[  583.240134][T17439] total_inactive_file 40960
[  583.240143][T17439] total_active_file 0
[  583.240177][T17439] total_unevictable 0
[  583.240186][T17439] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null)
[  583.252172][T17452] /dev/loop4: Can't open blockdev
[  583.255336][T17439] ,cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.3434,pid=17438,uid=0
[  583.290130][T17439] Memory cgroup out of memory: Killed process 17438 (syz.1.3434) total-vm:100384kB, anon-rss:1244kB, file-rss:26564kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[  583.315594][   T29] kauditd_printk_skb: 110 callbacks suppressed
[  583.315616][   T29] audit: type=1400 audit(1766885264.107:30186): avc:  denied  { mounton } for  pid=17451 comm="syz.4.3439" path="/137/file1" dev="tmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  583.378215][T17456] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  583.386953][   T29] audit: type=1400 audit(1766885264.257:30187): avc:  denied  { map_create } for  pid=17455 comm="syz.4.3440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  583.406589][   T29] audit: type=1400 audit(1766885264.257:30188): avc:  denied  { map_read map_write } for  pid=17455 comm="syz.4.3440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  583.426752][   T29] audit: type=1400 audit(1766885264.257:30189): avc:  denied  { read write } for  pid=17455 comm="syz.4.3440" name="raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  583.450648][   T29] audit: type=1400 audit(1766885264.257:30190): avc:  denied  { open } for  pid=17455 comm="syz.4.3440" path="/dev/raw-gadget" dev="devtmpfs" ino=142 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  583.474734][   T29] audit: type=1400 audit(1766885264.257:30191): avc:  denied  { ioctl } for  pid=17455 comm="syz.4.3440" path="/dev/raw-gadget" dev="devtmpfs" ino=142 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  583.486020][T17456] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  583.532886][T17457] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3435'.
[  583.564834][   T29] audit: type=1400 audit(1766885264.387:30192): avc:  denied  { create } for  pid=17442 comm="syz.7.3435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  583.585906][   T29] audit: type=1400 audit(1766885264.397:30193): avc:  denied  { write } for  pid=17442 comm="syz.7.3435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  583.606584][   T29] audit: type=1400 audit(1766885264.397:30194): avc:  denied  { read } for  pid=17442 comm="syz.7.3435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  583.665423][   T29] audit: type=1400 audit(1766885264.517:30195): avc:  denied  { firmware_load } for  pid=17442 comm="syz.7.3435" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  583.728024][T14580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  583.739304][T14580] EXT4-fs error (device loop3): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  583.775673][T14580] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  583.785338][T14580] EXT4-fs error (device loop3): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  583.882046][T17465] 9p: Bad value for 'wfdno'
[  583.891336][T17465] loop1: detected capacity change from 0 to 512
[  583.911356][T17469] 9p: Bad value for 'wfdno'
[  583.921627][T17469] loop5: detected capacity change from 0 to 512
[  583.929210][T17465] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  583.937422][T17465] EXT4-fs (loop1): orphan cleanup on readonly fs
[  583.944385][T17469] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  583.954501][T17465] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.3443: corrupted inode contents
[  583.955922][T17469] EXT4-fs (loop5): orphan cleanup on readonly fs
[  583.967338][T17465] EXT4-fs (loop1): Remounting filesystem read-only
[  583.979620][T17465] EXT4-fs (loop1): 1 truncate cleaned up
[  583.985555][ T7943] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  583.996334][ T7943] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  584.013360][T17469] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.3445: corrupted inode contents
[  584.035849][ T7943] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  584.046009][T17469] EXT4-fs (loop5): Remounting filesystem read-only
[  584.046413][T17469] EXT4-fs (loop5): 1 truncate cleaned up
[  584.065848][ T7943] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  584.076606][ T7943] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  584.105570][ T7943] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  584.116693][T17465] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  584.130381][T17469] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  584.154191][T15846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  584.205365][T17474] netlink: 'syz.1.3446': attribute type 1 has an invalid length.
[  584.232423][T17474] 8021q: adding VLAN 0 to HW filter on device bond7
[  584.241488][ T8549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  584.256501][T17474] 8021q: adding VLAN 0 to HW filter on device bond7
[  584.337515][T17474] bond7: (slave vxcan3): The slave device specified does not support setting the MAC address
[  584.373681][T17474] bond7: (slave vxcan3): Error -95 calling set_mac_address
[  585.078470][T17493] loop7: detected capacity change from 0 to 1024
[  585.169736][T17493] EXT4-fs: Ignoring removed bh option
[  585.204308][T17498] netlink: 'syz.3.3452': attribute type 27 has an invalid length.
[  585.212042][T17493] EXT4-fs: inline encryption not supported
[  585.212520][T17498] netlink: 'syz.3.3452': attribute type 4 has an invalid length.
[  585.225949][T17498] netlink: 144 bytes leftover after parsing attributes in process `syz.3.3452'.
[  585.293176][T17493] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  585.455550][T17493] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  585.476962][T17493] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 2: comm syz.7.3450: lblock 2 mapped to illegal pblock 2 (length 1)
[  585.504580][T17493] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 48: comm syz.7.3450: lblock 0 mapped to illegal pblock 48 (length 1)
[  585.527986][T17506] 8021q: adding VLAN 0 to HW filter on device bond11
[  585.545859][T17511] macvlan3: entered promiscuous mode
[  585.551354][T17511] macvlan3: entered allmulticast mode
[  585.558272][T17511] bond11: entered promiscuous mode
[  585.561506][T17493] EXT4-fs error (device loop7): ext4_acquire_dquot:6986: comm syz.7.3450: Failed to acquire dquot type 0
[  585.564170][T17511] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  585.647794][T17511] bond11: left promiscuous mode
[  585.653338][T17493] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  585.691981][T17493] EXT4-fs error (device loop7): ext4_evict_inode:253: inode #11: comm syz.7.3450: mark_inode_dirty error
[  585.709636][T17515] loop4: detected capacity change from 0 to 1024
[  585.733618][T17515] EXT4-fs: Ignoring removed bh option
[  585.756935][T17493] EXT4-fs warning (device loop7): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  585.786237][T17515] EXT4-fs: inline encryption not supported
[  585.823363][T17515] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  585.835567][T17493] EXT4-fs (loop7): 1 orphan inode deleted
[  585.841809][T17493] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  585.855673][ T7943] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:16: lblock 1 mapped to illegal pblock 1 (length 1)
[  585.874016][ T7943] EXT4-fs error (device loop7): ext4_release_dquot:7022: comm kworker/u8:16: Failed to release dquot type 0
[  585.926202][T17515] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  585.935446][T17515] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 2: comm syz.4.3453: lblock 2 mapped to illegal pblock 2 (length 1)
[  585.963707][T17515] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 48: comm syz.4.3453: lblock 0 mapped to illegal pblock 48 (length 1)
[  586.044382][T17515] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3453: Failed to acquire dquot type 0
[  586.122207][T17515] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  586.145842][T17515] EXT4-fs error (device loop4): ext4_evict_inode:253: inode #11: comm syz.4.3453: mark_inode_dirty error
[  586.186284][T17515] EXT4-fs warning (device loop4): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  586.233027][T17515] EXT4-fs (loop4): 1 orphan inode deleted
[  586.256882][T17515] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  586.292209][T17521] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3457'.
[  586.321934][ T7943] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:16: lblock 1 mapped to illegal pblock 1 (length 1)
[  586.348826][T17520] 8021q: adding VLAN 0 to HW filter on device bond16
[  586.357393][T17524] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  586.375298][ T7943] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:16: Failed to release dquot type 0
[  586.419396][T17524] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  586.485724][T17528] loop3: detected capacity change from 0 to 1024
[  586.492915][T17528] EXT4-fs: Ignoring removed oldalloc option
[  586.499040][T17528] EXT4-fs: Ignoring removed nomblk_io_submit option
[  586.526242][T17528] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  586.650722][T14580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  586.845966][T17536] loop3: detected capacity change from 0 to 512
[  586.883465][T17536] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm gtp: invalid indirect mapped block 4294967295 (level 1)
[  586.925907][T17536] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm gtp: invalid indirect mapped block 4294967295 (level 1)
[  586.938707][T12917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  586.954219][T17536] EXT4-fs (loop3): 2 truncates cleaned up
[  586.960430][T12917] EXT4-fs error (device loop7): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  586.974619][T17539] netlink: 'syz.5.3464': attribute type 1 has an invalid length.
[  586.993649][T17536] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  587.018735][T12917] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  587.038797][T17539] 8021q: adding VLAN 0 to HW filter on device bond17
[  587.045923][T12917] EXT4-fs error (device loop7): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  587.059818][T17542] netlink: 'syz.1.3466': attribute type 27 has an invalid length.
[  587.067795][T17542] netlink: 'syz.1.3466': attribute type 4 has an invalid length.
[  587.075577][T17542] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3466'.
[  587.093114][T17536] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  587.117126][T17543] 8021q: adding VLAN 0 to HW filter on device bond17
[  587.137753][T13994] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  587.145589][T17543] bond17: (slave vxcan5): The slave device specified does not support setting the MAC address
[  587.161399][T17543] bond17: (slave vxcan5): Error -95 calling set_mac_address
[  587.171066][T13994] EXT4-fs error (device loop4): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  587.200899][T13994] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  587.210927][T13994] EXT4-fs error (device loop4): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  587.256083][T17550] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  587.297997][T17536] netlink: 44 bytes leftover after parsing attributes in process `gtp'.
[  587.306783][T17550] SELinux: failed to load policy
[  587.381781][T17558] loop7: detected capacity change from 0 to 1024
[  587.392568][T17558] EXT4-fs: Ignoring removed oldalloc option
[  587.398621][T17558] EXT4-fs: Ignoring removed nomblk_io_submit option
[  587.428074][T17558] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  587.441600][T17561] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3473'.
[  587.489125][T12917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  587.573906][T17566] 8021q: adding VLAN 0 to HW filter on device bond18
[  587.589503][T17566] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3474'.
[  587.699411][T17572] SELinux: ebitmap: truncated map
[  587.705069][T17572] SELinux: failed to load policy
[  587.760527][T17578] netlink: 'syz.7.3478': attribute type 27 has an invalid length.
[  587.768553][T17578] netlink: 'syz.7.3478': attribute type 4 has an invalid length.
[  587.776398][T17578] netlink: 144 bytes leftover after parsing attributes in process `syz.7.3478'.
[  587.818807][T17580] syzkaller0: entered promiscuous mode
[  587.824463][T17580] syzkaller0: entered allmulticast mode
[  587.860530][T17582] 9p: Bad value for 'wfdno'
[  587.869981][T17582] loop3: detected capacity change from 0 to 512
[  587.887590][T17582] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  587.904850][T17582] EXT4-fs (loop3): orphan cleanup on readonly fs
[  587.927786][T17582] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #16: comm syz.3.3481: corrupted inode contents
[  587.940077][T17582] EXT4-fs (loop3): Remounting filesystem read-only
[  587.947251][T17582] EXT4-fs (loop3): 1 truncate cleaned up
[  587.965607][T17035] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  587.976214][T17035] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  587.995660][T17035] EXT4-fs (loop3): Quota write (off=8, len=24) cancelled because transaction is not started
[  588.006427][T17582] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  588.055253][T14580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  588.067950][T17588] syzkaller0: entered promiscuous mode
[  588.073567][T17588] syzkaller0: entered allmulticast mode
[  588.194370][T17592] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3484'.
[  588.281367][T17601] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3486'.
[  588.471572][T17607] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=17607 comm=syz.7.3490
[  588.481392][   T29] kauditd_printk_skb: 130 callbacks suppressed
[  588.481444][   T29] audit: type=1400 audit(1766885269.347:30302): avc:  denied  { ioctl } for  pid=17608 comm="syz.5.3491" path="socket:[51526]" dev="sockfs" ino=51526 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  588.484418][T17607] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=17607 comm=syz.7.3490
[  588.595560][T17607] netlink: 'syz.7.3490': attribute type 27 has an invalid length.
[  588.603437][T17607] netlink: 'syz.7.3490': attribute type 4 has an invalid length.
[  588.611233][T17607] netlink: 144 bytes leftover after parsing attributes in process `syz.7.3490'.
[  588.646639][T17610] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3487'.
[  588.687568][   T29] audit: type=1400 audit(1766885269.567:30303): avc:  denied  { firmware_load } for  pid=17596 comm="syz.3.3487" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[  588.798782][T17618] 9p: Bad value for 'wfdno'
[  588.834551][T17618] loop5: detected capacity change from 0 to 512
[  588.906339][T17618] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  588.935917][T17618] EXT4-fs (loop5): orphan cleanup on readonly fs
[  588.957723][T17625] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3497'.
[  589.049217][T17618] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.3495: corrupted inode contents
[  589.079704][T17618] EXT4-fs (loop5): Remounting filesystem read-only
[  589.107846][T17618] EXT4-fs (loop5): 1 truncate cleaned up
[  589.113778][T10574] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  589.124460][T10574] Quota error (device loop5): write_blk: dquota write failed
[  589.131944][T10574] Quota error (device loop5): remove_free_dqentry: Can't write block (5) with free entries
[  589.142117][T10574] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  589.152705][T10574] Quota error (device loop5): write_blk: dquota write failed
[  589.160210][T10574] Quota error (device loop5): free_dqentry: Can't move quota data block (5) to free list
[  589.171804][T17628] syzkaller0: entered promiscuous mode
[  589.172489][T10574] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  589.177442][T17628] syzkaller0: entered allmulticast mode
[  589.187569][T10574] Quota error (device loop5): v2_write_file_info: Can't write info structure
[  589.202435][T10574] Quota error (device loop5): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  589.213332][T17618] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  589.237865][ T8549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  589.256468][T17629] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  589.265385][T17629] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  589.310953][T17631] loop5: detected capacity change from 0 to 512
[  589.362479][T17631] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.3499: invalid indirect mapped block 4294967295 (level 1)
[  589.391490][T17631] EXT4-fs error (device loop5): ext4_free_branches:1023: inode #11: comm syz.5.3499: invalid indirect mapped block 4294967295 (level 1)
[  589.410373][T17637] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3501'.
[  589.434871][T17637] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3501'.
[  589.441448][   T29] audit: type=1326 audit(1766885270.287:30304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17636 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa17a0bf749 code=0x7ffc0000
[  589.467583][   T29] audit: type=1326 audit(1766885270.287:30305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17636 comm="syz.4.3501" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa17a0bf749 code=0x7ffc0000
[  589.698579][T17631] EXT4-fs (loop5): 2 truncates cleaned up
[  589.704901][T17631] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  589.734776][T17631] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  589.993160][T17645] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=17645 comm=syz.3.3504
[  590.005914][T17645] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=17645 comm=syz.3.3504
[  590.021468][T17645] netlink: 'syz.3.3504': attribute type 27 has an invalid length.
[  590.029482][T17645] netlink: 'syz.3.3504': attribute type 4 has an invalid length.
[  590.037282][T17645] netlink: 144 bytes leftover after parsing attributes in process `syz.3.3504'.
[  590.248878][T17652] loop4: detected capacity change from 0 to 512
[  590.255766][T17652] EXT4-fs: Ignoring removed i_version option
[  590.396106][T17652] EXT4-fs (loop4): orphan cleanup on readonly fs
[  590.404617][T17652] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.3507: EA inode hash validation failed
[  590.475954][T17662] netlink: 'syz.1.3511': attribute type 1 has an invalid length.
[  590.495661][T17652] EXT4-fs error (device loop4): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.4.3507: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  590.512883][T17661] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  590.525726][T17661] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  590.536330][T17652] EXT4-fs (loop4): Remounting filesystem read-only
[  590.537347][T17662] 8021q: adding VLAN 0 to HW filter on device bond8
[  590.542956][T17652] EXT4-fs warning (device loop4): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.4.3507: ea_inode dec ref err=-117
[  590.569810][T17666] 8021q: adding VLAN 0 to HW filter on device bond8
[  590.577204][T17652] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30)
[  590.589729][T17666] bond8: (slave vxcan3): The slave device specified does not support setting the MAC address
[  590.602495][T17652] EXT4-fs (loop4): 1 orphan inode deleted
[  590.610433][T17652] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  590.624119][T17666] bond8: (slave vxcan3): Error -95 calling set_mac_address
[  591.095497][T17685] 9p: Bad value for 'wfdno'
[  591.127850][T17685] loop5: detected capacity change from 0 to 512
[  591.486036][T17685] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  591.519718][T17685] EXT4-fs (loop5): orphan cleanup on readonly fs
[  591.608317][T17685] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.3513: corrupted inode contents
[  591.692997][T17685] EXT4-fs (loop5): Remounting filesystem read-only
[  591.749056][T17767] 8021q: adding VLAN 0 to HW filter on device bond12
[  591.768906][T17685] EXT4-fs (loop5): 1 truncate cleaned up
[  591.777947][T12224] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  591.788647][T12224] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  591.860359][T12224] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  591.863960][T17779] 8021q: adding VLAN 0 to HW filter on device bond12
[  591.877947][T17685] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  591.922936][T17779] bond12: (slave vxcan5): The slave device specified does not support setting the MAC address
[  591.941470][T17779] bond12: (slave vxcan5): Error -95 calling set_mac_address
[  591.949549][T17797] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=17797 comm=syz.1.3516
[  591.950131][ T8549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  591.962270][T17797] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=17797 comm=syz.1.3516
[  591.984967][T17797] validate_nla: 1 callbacks suppressed
[  591.984984][T17797] netlink: 'syz.1.3516': attribute type 27 has an invalid length.
[  591.998706][T17797] netlink: 'syz.1.3516': attribute type 4 has an invalid length.
[  592.186302][T17814] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  592.198134][T17814] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  592.340691][T13994] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  592.504832][T17820] loop4: detected capacity change from 0 to 512
[  592.511742][T17820] EXT4-fs: Ignoring removed bh option
[  592.519628][T17820] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  592.530858][T17820] EXT4-fs (loop4): 1 truncate cleaned up
[  592.537947][T17820] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  592.571377][T13994] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  592.704846][T17828] loop3: detected capacity change from 0 to 512
[  592.712123][T17828] EXT4-fs: Ignoring removed bh option
[  592.737721][T17828] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  592.758487][T17828] EXT4-fs (loop3): 1 truncate cleaned up
[  592.765845][T17828] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  592.837344][T14580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  592.934603][T17840] loop7: detected capacity change from 0 to 2048
[  592.972209][T17840] EXT4-fs: Ignoring removed nomblk_io_submit option
[  592.994138][T17840] EXT4-fs: Ignoring removed nobh option
[  593.026700][T17850] netlink: 'syz.5.3538': attribute type 1 has an invalid length.
[  593.039273][T17840] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  593.076970][T17850] 8021q: adding VLAN 0 to HW filter on device bond19
[  593.088337][T12917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  593.115348][T17850] 8021q: adding VLAN 0 to HW filter on device bond19
[  593.126503][T17850] bond19: (slave vxcan5): The slave device specified does not support setting the MAC address
[  593.145834][T17860] loop3: detected capacity change from 0 to 512
[  593.157299][T17850] bond19: (slave vxcan5): Error -95 calling set_mac_address
[  593.186002][T17860] EXT4-fs: Ignoring removed bh option
[  593.199156][T17860] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  593.206336][T17867] __nla_validate_parse: 4 callbacks suppressed
[  593.206436][T17867] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3544'.
[  593.224410][T17860] EXT4-fs (loop3): 1 truncate cleaned up
[  593.235102][T17860] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  593.287893][T14580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  593.375281][T17877] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  593.462857][T17881] netlink: 'syz.7.3547': attribute type 1 has an invalid length.
[  593.478120][T17881] 8021q: adding VLAN 0 to HW filter on device bond5
[  593.498026][T17881] macvlan2: entered promiscuous mode
[  593.503490][T17881] macvlan2: entered allmulticast mode
[  593.510471][T17881] bond5: entered promiscuous mode
[  593.516011][T17881] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  593.524756][T17881] bond5: left promiscuous mode
[  593.686190][T17888] loop4: detected capacity change from 0 to 512
[  593.693166][T17888] EXT4-fs: Ignoring removed i_version option
[  593.701752][T17888] EXT4-fs (loop4): orphan cleanup on readonly fs
[  593.708557][T17888] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.3550: EA inode hash validation failed
[  593.721522][T17888] EXT4-fs error (device loop4): ext4_xattr_inode_update_ref:1037: inode #11: comm syz.4.3550: EA inode 11 ref wraparound: ref_count=0 ref_change=-1
[  593.736934][T17888] EXT4-fs (loop4): Remounting filesystem read-only
[  593.743484][T17888] EXT4-fs warning (device loop4): ext4_xattr_inode_dec_ref_all:1230: inode #11: comm syz.4.3550: ea_inode dec ref err=-117
[  593.756506][T17888] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -30)
[  593.765700][T17888] EXT4-fs (loop4): 1 orphan inode deleted
[  593.772056][T17888] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  593.930430][   T29] kauditd_printk_skb: 68 callbacks suppressed
[  593.930449][   T29] audit: type=1326 audit(1766885274.807:30368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17899 comm="syz.1.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0541f749 code=0x7ffc0000
[  593.951758][T17900] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3555'.
[  594.111383][T17904] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3555'.
[  594.149160][   T29] audit: type=1326 audit(1766885274.827:30369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17899 comm="syz.1.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a0541f749 code=0x7ffc0000
[  594.172911][   T29] audit: type=1326 audit(1766885274.827:30370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17899 comm="syz.1.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0541f749 code=0x7ffc0000
[  594.196616][   T29] audit: type=1326 audit(1766885274.827:30371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17899 comm="syz.1.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a0541f749 code=0x7ffc0000
[  594.220558][   T29] audit: type=1326 audit(1766885274.827:30372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17899 comm="syz.1.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0541f749 code=0x7ffc0000
[  594.244275][   T29] audit: type=1326 audit(1766885274.827:30373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17899 comm="syz.1.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9a0541f749 code=0x7ffc0000
[  594.267982][   T29] audit: type=1326 audit(1766885274.827:30374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17899 comm="syz.1.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0541f749 code=0x7ffc0000
[  594.291692][   T29] audit: type=1326 audit(1766885274.827:30375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17899 comm="syz.1.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9a0541f749 code=0x7ffc0000
[  594.315568][   T29] audit: type=1326 audit(1766885274.827:30376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17899 comm="syz.1.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9a0541f749 code=0x7ffc0000
[  594.339688][   T29] audit: type=1326 audit(1766885274.827:30377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=17899 comm="syz.1.3555" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f9a0541f749 code=0x7ffc0000
[  594.377950][T17910] 8021q: adding VLAN 0 to HW filter on device bond6
[  594.862192][T17912] loop3: detected capacity change from 0 to 512
[  594.888569][T17912] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm gtp: invalid block
[  594.900567][T13994] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  594.993852][T17912] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm gtp: invalid indirect mapped block 4294967295 (level 1)
[  595.013330][T17963] 9p: Bad value for 'wfdno'
[  595.022403][T17963] loop1: detected capacity change from 0 to 512
[  595.031786][T17912] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm gtp: invalid indirect mapped block 4294967295 (level 1)
[  595.046214][T17963] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  595.060217][T17963] EXT4-fs (loop1): orphan cleanup on readonly fs
[  595.078213][T17963] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #16: comm syz.1.3560: corrupted inode contents
[  595.115408][T17912] EXT4-fs (loop3): 2 truncates cleaned up
[  595.128660][T17967] loop5: detected capacity change from 0 to 1024
[  595.135999][T17912] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  595.139093][T17963] EXT4-fs (loop1): Remounting filesystem read-only
[  595.156858][T17912] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  595.166248][T17963] EXT4-fs (loop1): 1 truncate cleaned up
[  595.172007][T10579] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  595.182682][T10579] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  595.187128][T17967] EXT4-fs: Ignoring removed bh option
[  595.196005][T10579] EXT4-fs (loop1): Quota write (off=8, len=24) cancelled because transaction is not started
[  595.220420][T17963] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  595.236643][T17967] EXT4-fs: inline encryption not supported
[  595.247385][T17967] EXT4-fs (loop5): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  595.286568][T17912] netlink: 44 bytes leftover after parsing attributes in process `gtp'.
[  595.336635][T17967] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  595.358532][T17967] EXT4-fs error (device loop5): ext4_map_blocks:783: inode #3: block 2: comm syz.5.3556: lblock 2 mapped to illegal pblock 2 (length 1)
[  595.383272][T15846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  595.427324][T17977] loop7: detected capacity change from 0 to 164
[  595.466236][T17967] EXT4-fs error (device loop5): ext4_map_blocks:783: inode #3: block 48: comm syz.5.3556: lblock 0 mapped to illegal pblock 48 (length 1)
[  595.516481][T17967] EXT4-fs error (device loop5): ext4_acquire_dquot:6986: comm syz.5.3556: Failed to acquire dquot type 0
[  595.580022][T17967] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  595.620829][T17967] EXT4-fs error (device loop5): ext4_evict_inode:253: inode #11: comm syz.5.3556: mark_inode_dirty error
[  595.622303][T17985] EXT4-fs: Ignoring removed nomblk_io_submit option
[  595.683783][T17989] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm gtp: invalid block
[  595.724824][T17967] EXT4-fs warning (device loop5): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  595.735752][T17967] EXT4-fs (loop5): 1 orphan inode deleted
[  595.741685][T17989] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm gtp: invalid indirect mapped block 4294967295 (level 1)
[  595.744045][T17985] EXT4-fs: Ignoring removed nobh option
[  595.762297][T17989] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm gtp: invalid indirect mapped block 4294967295 (level 1)
[  595.762361][T17967] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  595.788426][  T157] EXT4-fs error (device loop5): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1)
[  595.789864][T17989] EXT4-fs (loop3): 2 truncates cleaned up
[  595.809484][T17989] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  595.825209][  T157] EXT4-fs error (device loop5): ext4_release_dquot:7022: comm kworker/u8:4: Failed to release dquot type 0
[  595.825225][T17985] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  595.856801][T17989] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  595.880251][T15846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  596.048868][T18002] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=18002 comm=syz.1.3571
[  596.061479][T18002] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=18002 comm=syz.1.3571
[  596.139809][T18000] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  596.202151][T18002] netlink: 'syz.1.3571': attribute type 27 has an invalid length.
[  596.210092][T18002] netlink: 'syz.1.3571': attribute type 4 has an invalid length.
[  596.218007][T18002] netlink: 144 bytes leftover after parsing attributes in process `syz.1.3571'.
[  596.345875][T18009] netlink: 'syz.4.3573': attribute type 4 has an invalid length.
[  596.474923][T18015] set_capacity_and_notify: 2 callbacks suppressed
[  596.474945][T18015] loop3: detected capacity change from 0 to 128
[  596.488604][T18016] netlink: 'syz.1.3575': attribute type 4 has an invalid length.
[  596.519182][T18017] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3574'.
[  596.786578][ T8549] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  596.797299][ T8549] EXT4-fs error (device loop5): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  596.811183][ T8549] EXT4-fs error (device loop5) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  596.821089][ T8549] EXT4-fs error (device loop5): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  596.919201][T18005] syz.7.3574 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  596.933425][T18005] CPU: 0 UID: 0 PID: 18005 Comm: syz.7.3574 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  596.933458][T18005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  596.933475][T18005] Call Trace:
[  596.933485][T18005]  <TASK>
[  596.933549][T18005]  __dump_stack+0x1d/0x30
[  596.933633][T18005]  dump_stack_lvl+0x95/0xd0
[  596.933657][T18005]  dump_stack+0x15/0x1b
[  596.933681][T18005]  dump_header+0x81/0x240
[  596.933706][T18005]  oom_kill_process+0x295/0x350
[  596.933735][T18005]  out_of_memory+0x97b/0xb80
[  596.933786][T18005]  try_charge_memcg+0x610/0xa10
[  596.933818][T18005]  obj_cgroup_charge_pages+0xa6/0x150
[  596.933876][T18005]  __memcg_kmem_charge_page+0x9f/0x170
[  596.933916][T18005]  __alloc_frozen_pages_noprof+0x18f/0x360
[  596.934036][T18005]  alloc_pages_mpol+0xb3/0x260
[  596.934074][T18005]  alloc_pages_noprof+0x90/0x130
[  596.934110][T18005]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  596.934154][T18005]  __kvmalloc_node_noprof+0x492/0x6b0
[  596.934264][T18005]  ? ip_set_alloc+0x24/0x30
[  596.934345][T18005]  ? ip_set_alloc+0x24/0x30
[  596.934378][T18005]  ip_set_alloc+0x24/0x30
[  596.934415][T18005]  hash_netiface_create+0x282/0x740
[  596.934467][T18005]  ? __pfx_hash_netiface_create+0x10/0x10
[  596.934508][T18005]  ip_set_create+0x3cc/0x970
[  596.934539][T18005]  ? __nla_parse+0x40/0x60
[  596.934608][T18005]  nfnetlink_rcv_msg+0x4c6/0x590
[  596.934663][T18005]  netlink_rcv_skb+0x123/0x220
[  596.934700][T18005]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  596.934746][T18005]  nfnetlink_rcv+0x167/0x16c0
[  596.934777][T18005]  ? kmem_cache_free+0xe3/0x3a0
[  596.934805][T18005]  ? __kfree_skb+0x109/0x150
[  596.935015][T18005]  ? nlmon_xmit+0x4f/0x60
[  596.935036][T18005]  ? consume_skb+0x49/0x150
[  596.935064][T18005]  ? nlmon_xmit+0x4f/0x60
[  596.935117][T18005]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  596.935180][T18005]  ? __dev_queue_xmit+0x138d/0x1ec0
[  596.935302][T18005]  ? __dev_queue_xmit+0x148/0x1ec0
[  596.935335][T18005]  ? ref_tracker_free+0x37d/0x3e0
[  596.935363][T18005]  ? __netlink_deliver_tap+0x4dc/0x500
[  596.935401][T18005]  netlink_unicast+0x5c0/0x690
[  596.935513][T18005]  netlink_sendmsg+0x58b/0x6b0
[  596.935572][T18005]  ? __pfx_netlink_sendmsg+0x10/0x10
[  596.935632][T18005]  __sock_sendmsg+0x145/0x180
[  596.935659][T18005]  ____sys_sendmsg+0x31e/0x4a0
[  596.935754][T18005]  ___sys_sendmsg+0x17b/0x1d0
[  596.935799][T18005]  __x64_sys_sendmsg+0xd4/0x160
[  596.935839][T18005]  x64_sys_call+0x17ba/0x3000
[  596.935863][T18005]  do_syscall_64+0xca/0x2b0
[  596.935898][T18005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  596.935920][T18005] RIP: 0033:0x7fc3d176f749
[  596.936046][T18005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  596.936065][T18005] RSP: 002b:00007fc3d01cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  596.936085][T18005] RAX: ffffffffffffffda RBX: 00007fc3d19c5fa0 RCX: 00007fc3d176f749
[  596.936097][T18005] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  596.936109][T18005] RBP: 00007fc3d17f3f91 R08: 0000000000000000 R09: 0000000000000000
[  596.936121][T18005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  596.936133][T18005] R13: 00007fc3d19c6038 R14: 00007fc3d19c5fa0 R15: 00007ffed32ba028
[  596.936196][T18005]  </TASK>
[  596.969080][T18026] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3580'.
[  596.971348][T18005] memory: usage 307200kB, limit 307200kB, failcnt 5235
[  597.078641][T18026] loop4: detected capacity change from 0 to 7
[  597.080932][T18005] memory+swap: usage 307380kB, limit 9007199254740988kB, failcnt 0
[  597.089196][T18026] buffer_io_error: 16 callbacks suppressed
[  597.089240][T18026] Buffer I/O error on dev loop4, logical block 0, async page read
[  597.090457][T18005] kmem: usage 307152kB, limit 9007199254740988kB, failcnt 0
[  597.095090][T18026] Buffer I/O error on dev loop4, logical block 0, async page read
[  597.095108][T18026]  loop4: unable to read partition table
[  597.099470][T18005] Memory cgroup stats for /syz7:
[  597.100323][T18005] cache 0
[  597.123478][T18026] loop_reread_partitions: partition scan of loop4 (���������S�j̖�P=ý?�}X���	���%��`��ր����5) failed (rc=-5)
[  597.124331][T18005] rss 0
[  597.124343][T18005] shmem 0
[  597.141300][ T8561] Buffer I/O error on dev loop4, logical block 0, async page read
[  597.144517][T18005] mapped_file 0
[  597.144530][T18005] dirty 0
[  597.144540][T18005] writeback 0
[  597.151364][ T8561] Buffer I/O error on dev loop4, logical block 0, async page read
[  597.154623][T18005] workingset_refault_anon 1681
[  597.154707][T18005] workingset_refault_file 3
[  597.160363][ T8561] Buffer I/O error on dev loop4, logical block 0, async page read
[  597.164135][T18005] swap 184320
[  597.164170][T18005] swapcached 28672
[  597.164178][T18005] pgpgin 159535
[  597.170265][ T8561] Buffer I/O error on dev loop4, logical block 0, async page read
[  597.173770][T18005] pgpgout 159523
[  597.173784][T18005] pgfault 182482
[  597.173794][T18005] pgmajfault 1009
[  597.173805][T18005] inactive_anon 28672
[  597.179247][ T8561] Buffer I/O error on dev loop4, logical block 0, async page read
[  597.184301][T18005] active_anon 0
[  597.184313][T18005] inactive_file 20480
[  597.184324][T18005] active_file 0
[  597.184334][T18005] unevictable 0
[  597.189824][ T8561] Buffer I/O error on dev loop4, logical block 0, async page read
[  597.208477][T18005] hierarchical_memory_limit 314572800
[  597.208491][T18005] hierarchical_memsw_limit 9223372036854771712
[  597.208503][T18005] total_cache 0
[  597.208512][T18005] total_rss 0
[  597.208581][T18005] total_shmem 0
[  597.208590][T18005] total_mapped_file 0
[  597.208601][T18005] total_dirty 0
[  597.208612][T18005] total_writeback 0
[  597.247466][ T8561] Buffer I/O error on dev loop4, logical block 0, async page read
[  597.249163][T18005] total_workingset_refault_anon 1681
[  597.266389][ T8561] Buffer I/O error on dev loop4, logical block 0, async page read
[  597.269058][T18005] total_workingset_refault_file 3
[  597.323588][ T3003]  loop4: unable to read partition table
[  597.324525][T18005] total_swap 184320
[  597.526468][T18005] total_swapcached 28672
[  597.530812][T18005] total_pgpgin 159535
[  597.534820][T18005] total_pgpgout 159523
[  597.539832][T18005] total_pgfault 182482
[  597.544033][T18005] total_pgmajfault 1009
[  597.548961][T18005] total_inactive_anon 28672
[  597.549015][ T3003]  loop4: unable to read partition table
[  597.553513][T18005] total_active_anon 0
[  597.553525][T18005] total_inactive_file 20480
[  597.553537][T18005] total_active_file 0
[  597.571800][T18005] total_unevictable 0
[  597.576032][T18005] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz7,task_memcg=/syz7,task=syz.7.3574,pid=18004,uid=0
[  597.591030][T18005] Memory cgroup out of memory: Killed process 18004 (syz.7.3574) total-vm:96148kB, anon-rss:1136kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  597.694538][T18033] loop1: detected capacity change from 0 to 1024
[  597.707744][T18035] loop3: detected capacity change from 0 to 128
[  597.719701][T18035] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  597.733000][ T3003]  loop4: unable to read partition table
[  597.749470][T18039] netlink: 24 bytes leftover after parsing attributes in process `syz.7.3586'.
[  597.768461][T18033] EXT4-fs: Ignoring removed oldalloc option
[  597.772527][T18035] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  597.774605][T18033] EXT4-fs: Ignoring removed nomblk_io_submit option
[  597.823369][T18033] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  598.024250][T18056] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3591'.
[  598.035592][T18056] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3591'.
[  598.177775][T18062] netlink: 'syz.5.3594': attribute type 1 has an invalid length.
[  598.202096][T18062] 8021q: adding VLAN 0 to HW filter on device bond20
[  598.221859][T18062] macvlan5: entered promiscuous mode
[  598.227259][T18062] macvlan5: entered allmulticast mode
[  598.233681][T18062] bond20: entered promiscuous mode
[  598.239293][T18062] 8021q: adding VLAN 0 to HW filter on device macvlan5
[  598.247795][T18062] bond20: left promiscuous mode
[  598.318877][T15846] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  598.386863][T18066] loop4: detected capacity change from 0 to 1024
[  598.396900][T18066] EXT4-fs: Ignoring removed bh option
[  598.404081][T18066] EXT4-fs: inline encryption not supported
[  598.423877][T18066] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  598.503554][T18066] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  598.624884][T18066] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 2: comm syz.4.3593: lblock 2 mapped to illegal pblock 2 (length 1)
[  598.701956][T18066] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 48: comm syz.4.3593: lblock 0 mapped to illegal pblock 48 (length 1)
[  598.879580][T18066] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3593: Failed to acquire dquot type 0
[  598.948634][T18090] loop7: detected capacity change from 0 to 128
[  598.955397][   T29] kauditd_printk_skb: 227 callbacks suppressed
[  598.955415][   T29] audit: type=1400 audit(1766885279.827:30594): avc:  denied  { mounton } for  pid=18089 comm="syz.7.3604" path="/222/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="tmpfs" ino=1185 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  599.016011][T18066] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  599.075948][T18093] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3605'.
[  599.095289][T18066] EXT4-fs error (device loop4): ext4_evict_inode:253: inode #11: comm syz.4.3593: mark_inode_dirty error
[  599.116663][T18093] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3605'.
[  599.135536][   T29] audit: type=1400 audit(1766885279.907:30595): avc:  denied  { mount } for  pid=18089 comm="syz.7.3604" name="/" dev="loop7" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1
[  599.158260][   T29] audit: type=1326 audit(1766885279.927:30596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18092 comm="syz.5.3605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  599.181983][   T29] audit: type=1326 audit(1766885279.927:30597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18092 comm="syz.5.3605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  599.205683][   T29] audit: type=1326 audit(1766885279.937:30598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18092 comm="syz.5.3605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  599.229453][   T29] audit: type=1326 audit(1766885279.937:30599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18092 comm="syz.5.3605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  599.253154][   T29] audit: type=1326 audit(1766885279.937:30600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18092 comm="syz.5.3605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  599.276843][   T29] audit: type=1326 audit(1766885279.937:30601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18092 comm="syz.5.3605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  599.300618][   T29] audit: type=1326 audit(1766885279.937:30602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18092 comm="syz.5.3605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  599.324354][   T29] audit: type=1326 audit(1766885279.937:30603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18092 comm="syz.5.3605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41130cf749 code=0x7ffc0000
[  599.354123][T18066] EXT4-fs warning (device loop4): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  599.400421][T18070] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3595'.
[  599.406882][T18066] EXT4-fs (loop4): 1 orphan inode deleted
[  599.426128][  T157] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:4: lblock 1 mapped to illegal pblock 1 (length 1)
[  599.436600][T18099] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=18099 comm=syz.7.3607
[  599.452927][T18099] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=18099 comm=syz.7.3607
[  599.468756][  T157] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:4: Failed to release dquot type 0
[  599.488289][T18066] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  599.497420][T18099] netlink: 'syz.7.3607': attribute type 27 has an invalid length.
[  599.508669][T18099] netlink: 'syz.7.3607': attribute type 4 has an invalid length.
[  599.516485][T18099] netlink: 144 bytes leftover after parsing attributes in process `syz.7.3607'.
[  599.570613][T18101] loop3: detected capacity change from 0 to 512
[  599.614699][T18101] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm gtp: invalid block
[  599.674390][T18101] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm gtp: invalid indirect mapped block 4294967295 (level 1)
[  599.689255][T18101] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm gtp: invalid indirect mapped block 4294967295 (level 1)
[  599.705758][T18101] EXT4-fs (loop3): 2 truncates cleaned up
[  599.712061][T18101] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  599.727206][T18101] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  599.814833][T18111] loop5: detected capacity change from 0 to 128
[  599.830984][T18101] netlink: 44 bytes leftover after parsing attributes in process `gtp'.
[  599.846926][ T3930] Bluetooth: hci0: Frame reassembly failed (-84)
[  600.157461][T18129] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=18129 comm=syz.3.3619
[  600.170083][T18129] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=64 sclass=netlink_route_socket pid=18129 comm=syz.3.3619
[  600.182889][T18129] netlink: 'syz.3.3619': attribute type 27 has an invalid length.
[  600.190849][T18129] netlink: 'syz.3.3619': attribute type 4 has an invalid length.
[  600.198621][T18129] netlink: 144 bytes leftover after parsing attributes in process `syz.3.3619'.
[  600.216514][T13994] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  600.226751][T13994] EXT4-fs error (device loop4): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  600.258953][T13994] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  600.268987][T13994] EXT4-fs error (device loop4): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  600.285793][T18131] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  600.966532][T18146] loop3: detected capacity change from 0 to 1024
[  600.979970][T18146] EXT4-fs: Ignoring removed bh option
[  601.004819][T18146] EXT4-fs: inline encryption not supported
[  601.052202][T18146] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  601.096173][T18146] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  601.115864][T18146] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 2: comm syz.3.3621: lblock 2 mapped to illegal pblock 2 (length 1)
[  601.166568][T18146] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 48: comm syz.3.3621: lblock 0 mapped to illegal pblock 48 (length 1)
[  601.200382][T18146] EXT4-fs error (device loop3): ext4_acquire_dquot:6986: comm syz.3.3621: Failed to acquire dquot type 0
[  601.232926][T18146] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  601.291750][T18160] loop7: detected capacity change from 0 to 1024
[  601.316003][T18160] EXT4-fs: Ignoring removed bh option
[  601.327492][T18146] EXT4-fs error (device loop3): ext4_evict_inode:253: inode #11: comm syz.3.3621: mark_inode_dirty error
[  601.342583][T18160] EXT4-fs: inline encryption not supported
[  601.365274][T18146] EXT4-fs warning (device loop3): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  601.387055][T18160] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  601.403025][T18146] EXT4-fs (loop3): 1 orphan inode deleted
[  601.420846][T12224] EXT4-fs error (device loop3): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:23: lblock 1 mapped to illegal pblock 1 (length 1)
[  601.436812][T18160] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  601.439783][T18146] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  601.447013][T18160] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 2: comm syz.7.3625: lblock 2 mapped to illegal pblock 2 (length 1)
[  601.473409][T18160] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 48: comm syz.7.3625: lblock 0 mapped to illegal pblock 48 (length 1)
[  601.490211][T18160] EXT4-fs error (device loop7): ext4_acquire_dquot:6986: comm syz.7.3625: Failed to acquire dquot type 0
[  601.501848][T18160] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  601.522431][T18160] EXT4-fs error (device loop7): ext4_evict_inode:253: inode #11: comm syz.7.3625: mark_inode_dirty error
[  601.680096][T12224] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:23: Failed to release dquot type 0
[  601.692044][T18160] EXT4-fs warning (device loop7): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  601.783114][T18160] EXT4-fs (loop7): 1 orphan inode deleted
[  601.796071][T18160] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  601.810086][T12224] EXT4-fs error (device loop7): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:23: lblock 1 mapped to illegal pblock 1 (length 1)
[  601.846499][T12224] EXT4-fs error (device loop7): ext4_release_dquot:7022: comm kworker/u8:23: Failed to release dquot type 0
[  601.858264][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  601.864350][ T3511] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  602.013136][T18172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  602.042601][T18172] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  602.084065][T18173] loop4: detected capacity change from 0 to 1024
[  602.096165][T18173] EXT4-fs: Ignoring removed bh option
[  602.157254][T18173] EXT4-fs: inline encryption not supported
[  602.180442][T18176] netlink: 'syz.1.3634': attribute type 1 has an invalid length.
[  602.198741][T18173] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  602.215149][T18176] 8021q: adding VLAN 0 to HW filter on device bond9
[  602.234823][T18176] macvlan2: entered promiscuous mode
[  602.240225][T18176] macvlan2: entered allmulticast mode
[  602.247247][T18176] bond9: entered promiscuous mode
[  602.252645][T18176] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  602.262171][T18176] bond9: left promiscuous mode
[  602.274673][T18173] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  602.285963][T14580] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  602.295591][T14580] EXT4-fs error (device loop3): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  602.372250][T14580] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  602.387686][T18173] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 2: comm syz.4.3631: lblock 2 mapped to illegal pblock 2 (length 1)
[  602.429129][T14580] EXT4-fs error (device loop3): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  602.436201][T18173] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 48: comm syz.4.3631: lblock 0 mapped to illegal pblock 48 (length 1)
[  602.498268][T18173] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3631: Failed to acquire dquot type 0
[  602.530096][T18173] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  602.550060][T18173] EXT4-fs error (device loop4): ext4_evict_inode:253: inode #11: comm syz.4.3631: mark_inode_dirty error
[  602.687486][T18186] loop5: detected capacity change from 0 to 512
[  602.691144][T18173] EXT4-fs warning (device loop4): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  602.694687][T18186] EXT4-fs: Ignoring removed bh option
[  602.719088][T12917] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  602.757568][T18173] EXT4-fs (loop4): 1 orphan inode deleted
[  602.764329][T18173] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  602.849863][T18186] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  602.878439][T18186] EXT4-fs (loop5): 1 truncate cleaned up
[  602.885724][T18186] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  603.265763][  T157] Bluetooth: hci0: Frame reassembly failed (-84)
[  603.309332][T11872] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:21: lblock 1 mapped to illegal pblock 1 (length 1)
[  603.324640][T11872] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:21: Failed to release dquot type 0
[  603.337421][T12917] EXT4-fs error (device loop7): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  603.351051][T12917] EXT4-fs error (device loop7) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  603.360991][T12917] EXT4-fs error (device loop7): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  603.594009][T18214] 8021q: adding VLAN 0 to HW filter on device bond21
[  603.605231][T18216] loop3: detected capacity change from 0 to 1024
[  603.616843][T18214] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3649'.
[  603.625958][T18214] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3649'.
[  603.676142][T18216] EXT4-fs: Ignoring removed oldalloc option
[  603.682203][T18216] EXT4-fs: Ignoring removed nomblk_io_submit option
[  603.711040][T13994] EXT4-fs error (device loop4): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  603.724341][T13994] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  603.734547][T13994] EXT4-fs error (device loop4): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error
[  603.819024][T18227] netlink: 8 bytes leftover after parsing attributes in process `syz.7.3650'.
[  603.948893][T18229] loop4: detected capacity change from 0 to 512
[  603.975717][   T29] kauditd_printk_skb: 136 callbacks suppressed
[  603.975737][   T29] audit: type=1400 audit(1766885284.857:30730): avc:  denied  { mounton } for  pid=18228 comm="gtp" path="/172/file0" dev="tmpfs" ino=911 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  604.004929][T18229] /dev/loop4: Can't open blockdev
[  604.012359][T18229] netlink: 44 bytes leftover after parsing attributes in process `gtp'.
[  604.057094][   T29] audit: type=1326 audit(1766885284.897:30731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18217 comm="syz.7.3650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3d176f749 code=0x7ffc0000
[  604.080950][   T29] audit: type=1326 audit(1766885284.897:30732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18217 comm="syz.7.3650" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc3d176f749 code=0x7ffc0000
[  604.104579][   T29] audit: type=1400 audit(1766885284.897:30733): avc:  denied  { map_create } for  pid=18228 comm="gtp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  604.123547][   T29] audit: type=1400 audit(1766885284.897:30734): avc:  denied  { open } for  pid=18228 comm="gtp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  604.142398][   T29] audit: type=1400 audit(1766885284.897:30735): avc:  denied  { perfmon } for  pid=18228 comm="gtp" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  604.162959][   T29] audit: type=1400 audit(1766885284.897:30736): avc:  denied  { kernel } for  pid=18228 comm="gtp" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[  604.282179][   T29] audit: type=1400 audit(1766885285.157:30737): avc:  denied  { unlink } for  pid=13994 comm="syz-executor" name="file0" dev="tmpfs" ino=911 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  604.315912][T18232] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3654'.
[  604.328721][   T29] audit: type=1400 audit(1766885285.187:30738): avc:  denied  { bpf } for  pid=18231 comm="syz.4.3654" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  604.349629][   T29] audit: type=1400 audit(1766885285.187:30739): avc:  denied  { map_read map_write } for  pid=18231 comm="syz.4.3654" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  604.360794][T18218] syz.7.3650 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  604.383782][T18218] CPU: 1 UID: 0 PID: 18218 Comm: syz.7.3650 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  604.383898][T18218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  604.383918][T18218] Call Trace:
[  604.383928][T18218]  <TASK>
[  604.383938][T18218]  __dump_stack+0x1d/0x30
[  604.384013][T18218]  dump_stack_lvl+0x95/0xd0
[  604.384039][T18218]  dump_stack+0x15/0x1b
[  604.384091][T18218]  dump_header+0x81/0x240
[  604.384117][T18218]  oom_kill_process+0x295/0x350
[  604.384205][T18218]  out_of_memory+0x97b/0xb80
[  604.384239][T18218]  try_charge_memcg+0x610/0xa10
[  604.384276][T18218]  obj_cgroup_charge_pages+0xa6/0x150
[  604.384356][T18218]  __memcg_kmem_charge_page+0x9f/0x170
[  604.384413][T18218]  __alloc_frozen_pages_noprof+0x18f/0x360
[  604.384459][T18218]  alloc_pages_mpol+0xb3/0x260
[  604.384498][T18218]  alloc_pages_noprof+0x90/0x130
[  604.384548][T18218]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  604.384601][T18218]  __kvmalloc_node_noprof+0x492/0x6b0
[  604.384731][T18218]  ? ip_set_alloc+0x24/0x30
[  604.384765][T18218]  ? ip_set_alloc+0x24/0x30
[  604.384803][T18218]  ip_set_alloc+0x24/0x30
[  604.384883][T18218]  hash_netiface_create+0x282/0x740
[  604.384985][T18218]  ? __pfx_hash_netiface_create+0x10/0x10
[  604.385021][T18218]  ip_set_create+0x3cc/0x970
[  604.385131][T18218]  ? __nla_parse+0x40/0x60
[  604.385225][T18218]  nfnetlink_rcv_msg+0x4c6/0x590
[  604.385277][T18218]  netlink_rcv_skb+0x123/0x220
[  604.385308][T18218]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  604.385354][T18218]  nfnetlink_rcv+0x167/0x16c0
[  604.385396][T18218]  ? kmem_cache_free+0xe3/0x3a0
[  604.385497][T18218]  ? __kfree_skb+0x109/0x150
[  604.385530][T18218]  ? nlmon_xmit+0x4f/0x60
[  604.385556][T18218]  ? consume_skb+0x49/0x150
[  604.385673][T18218]  ? nlmon_xmit+0x4f/0x60
[  604.385699][T18218]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  604.385743][T18218]  ? __dev_queue_xmit+0x138d/0x1ec0
[  604.385797][T18218]  ? __dev_queue_xmit+0x148/0x1ec0
[  604.385838][T18218]  ? ref_tracker_free+0x37d/0x3e0
[  604.385950][T18218]  ? __netlink_deliver_tap+0x4dc/0x500
[  604.386034][T18218]  netlink_unicast+0x5c0/0x690
[  604.386067][T18218]  netlink_sendmsg+0x58b/0x6b0
[  604.386107][T18218]  ? __pfx_netlink_sendmsg+0x10/0x10
[  604.386180][T18218]  __sock_sendmsg+0x145/0x180
[  604.386209][T18218]  ____sys_sendmsg+0x31e/0x4a0
[  604.386307][T18218]  ___sys_sendmsg+0x17b/0x1d0
[  604.386434][T18218]  __x64_sys_sendmsg+0xd4/0x160
[  604.386517][T18218]  x64_sys_call+0x17ba/0x3000
[  604.386548][T18218]  do_syscall_64+0xca/0x2b0
[  604.386600][T18218]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  604.386632][T18218] RIP: 0033:0x7fc3d176f749
[  604.386655][T18218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  604.386739][T18218] RSP: 002b:00007fc3d01cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  604.386766][T18218] RAX: ffffffffffffffda RBX: 00007fc3d19c5fa0 RCX: 00007fc3d176f749
[  604.386784][T18218] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000003
[  604.386803][T18218] RBP: 00007fc3d17f3f91 R08: 0000000000000000 R09: 0000000000000000
[  604.386821][T18218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  604.386867][T18218] R13: 00007fc3d19c6038 R14: 00007fc3d19c5fa0 R15: 00007ffed32ba028
[  604.386930][T18218]  </TASK>
[  604.709732][T18218] memory: usage 307200kB, limit 307200kB, failcnt 5406
[  604.716771][T18218] memory+swap: usage 307380kB, limit 9007199254740988kB, failcnt 0
[  604.724723][T18218] kmem: usage 307152kB, limit 9007199254740988kB, failcnt 0
[  604.732105][T18218] Memory cgroup stats for /syz7:
[  604.743724][T18218] cache 0
[  604.751781][T18218] rss 28672
[  604.754928][T18218] shmem 0
[  604.757932][T18218] mapped_file 0
[  604.761422][T18218] dirty 0
[  604.764401][T18218] writeback 28672
[  604.768086][T18218] workingset_refault_anon 1725
[  604.772917][T18218] workingset_refault_file 3
[  604.777553][T18218] swap 184320
[  604.780866][T18218] swapcached 28672
[  604.784668][T18218] pgpgin 163329
[  604.788246][T18218] pgpgout 163317
[  604.791829][T18218] pgfault 187531
[  604.795532][T18218] pgmajfault 1036
[  604.799294][T18218] inactive_anon 28672
[  604.803387][T18218] active_anon 0
[  604.806975][T18218] inactive_file 0
[  604.810682][T18218] active_file 20480
[  604.814529][T18218] unevictable 0
[  604.818089][T18218] hierarchical_memory_limit 314572800
[  604.823488][T18218] hierarchical_memsw_limit 9223372036854771712
[  604.830088][T18218] total_cache 0
[  604.833774][T18218] total_rss 28672
[  604.837527][T18218] total_shmem 0
[  604.841016][T18218] total_mapped_file 0
[  604.845090][T18218] total_dirty 0
[  604.848748][T18218] total_writeback 28672
[  604.852993][T18218] total_workingset_refault_anon 1725
[  604.858339][T18218] total_workingset_refault_file 3
[  604.863393][T18218] total_swap 184320
[  604.867337][T18218] total_swapcached 28672
[  604.871660][T18218] total_pgpgin 163329
[  604.875745][T18218] total_pgpgout 163317
[  604.879918][T18218] total_pgfault 187531
[  604.884013][T18218] total_pgmajfault 1036
[  604.888255][T18218] total_inactive_anon 28672
[  604.892776][T18218] total_active_anon 0
[  604.896809][T18218] total_inactive_file 0
[  604.900979][T18218] total_active_file 20480
[  604.905315][T18218] total_unevictable 0
[  604.909458][T18218] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz7,task_memcg=/syz7,task=syz.7.3650,pid=18217,uid=0
[  604.924330][T18218] Memory cgroup out of memory: Killed process 18217 (syz.7.3650) total-vm:96148kB, anon-rss:1264kB, file-rss:22456kB, shmem-rss:0kB, UID:0 pgtables:124kB oom_score_adj:1000
[  605.089123][T18243] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  605.105877][T18243] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  605.295702][ T3511] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  605.698710][T18251] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3661'.
[  605.715860][T18251] netlink: 32 bytes leftover after parsing attributes in process `syz.7.3661'.
[  606.265754][T18258] loop5: detected capacity change from 0 to 512
[  606.319565][T18258] EXT4-fs (loop5): revision level too high, forcing read-only mode
[  606.606581][T18258] EXT4-fs (loop5): orphan cleanup on readonly fs
[  606.658853][T18258] EXT4-fs error (device loop5): ext4_do_update_inode:5617: inode #16: comm syz.5.3664: corrupted inode contents
[  606.671576][T18258] EXT4-fs (loop5): Remounting filesystem read-only
[  606.678946][T18258] EXT4-fs (loop5): 1 truncate cleaned up
[  606.684826][T13268] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  606.695432][T13268] EXT4-fs (loop5): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  606.706514][T13268] EXT4-fs (loop5): Quota write (off=8, len=24) cancelled because transaction is not started
[  606.777260][T18317] 8021q: adding VLAN 0 to HW filter on device bond13
[  606.799844][T18317] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3665'.
[  606.808980][T18317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3665'.
[  606.878213][T18312] loop4: detected capacity change from 0 to 1024
[  606.885391][T18312] EXT4-fs: Ignoring removed bh option
[  606.891423][T18312] EXT4-fs: inline encryption not supported
[  606.917168][T18312] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  606.948765][T18328] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3669'.
[  606.961655][T18312] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[  606.978818][T18312] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 2: comm syz.4.3663: lblock 2 mapped to illegal pblock 2 (length 1)
[  606.994628][T18312] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 48: comm syz.4.3663: lblock 0 mapped to illegal pblock 48 (length 1)
[  606.999953][T18333] netlink: 'syz.1.3671': attribute type 1 has an invalid length.
[  607.015217][T18312] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.3663: Failed to acquire dquot type 0
[  607.028304][T18312] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  607.038280][T18312] EXT4-fs error (device loop4): ext4_evict_inode:253: inode #11: comm syz.4.3663: mark_inode_dirty error
[  607.049823][T18312] EXT4-fs warning (device loop4): ext4_evict_inode:256: couldn't mark inode dirty (err -117)
[  607.060311][T18312] EXT4-fs (loop4): 1 orphan inode deleted
[  607.060432][ T2992] ==================================================================
[  607.060465][ T2992] BUG: KCSAN: data-race in _prb_read_valid / prb_reserve
[  607.081360][ T2992] 
[  607.083714][ T2992] write to 0xffffffff868dfb10 of 88 bytes by task 18312 on cpu 0:
[  607.091725][ T2992]  prb_reserve+0x6e6/0xad0
[  607.096197][ T2992]  vprintk_store+0x53c/0x830
[  607.100844][ T2992]  vprintk_emit+0x15a/0x5c0
[  607.105398][ T2992]  vprintk_default+0x26/0x30
[  607.106312][T15135] EXT4-fs error (device loop4): ext4_map_blocks:783: inode #3: block 1: comm kworker/u8:35: lblock 1 mapped to illegal pblock 1 (length 1)
[  607.110053][ T2992]  vprintk+0x1d/0x30
[  607.110083][ T2992]  _printk+0x79/0xa0
[  607.132167][ T2992]  __ext4_msg+0x18f/0x1a0
[  607.136549][ T2992]  ext4_orphan_cleanup+0x8e2/0xa00
[  607.141892][ T2992]  ext4_fill_super+0x3411/0x37a0
[  607.146886][ T2992]  get_tree_bdev_flags+0x291/0x300
[  607.152041][ T2992]  get_tree_bdev+0x1f/0x30
[  607.156497][ T2992]  ext4_get_tree+0x1c/0x30
[  607.161039][ T2992]  vfs_get_tree+0x57/0x1d0
[  607.165507][ T2992]  do_new_mount+0x24d/0x6a0
[  607.170055][ T2992]  path_mount+0x4ab/0xb80
[  607.174421][ T2992]  __se_sys_mount+0x28c/0x2e0
[  607.179134][ T2992]  __x64_sys_mount+0x67/0x80
[  607.183776][ T2992]  x64_sys_call+0x2cca/0x3000
[  607.188494][ T2992]  do_syscall_64+0xca/0x2b0
[  607.193661][ T2992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.199601][ T2992] 
[  607.201960][ T2992] read to 0xffffffff868dfb10 of 8 bytes by task 2992 on cpu 1:
[  607.209048][T15135] EXT4-fs error (device loop4): ext4_release_dquot:7022: comm kworker/u8:35: Failed to release dquot type 0
[  607.209530][ T2992]  _prb_read_valid+0x383/0x920
[  607.225806][ T2992]  prb_read_valid+0x3c/0x60
[  607.230370][ T2992]  syslog_print+0xeb/0x540
[  607.234846][ T2992]  do_syslog+0x52b/0x7e0
[  607.239137][ T2992]  __x64_sys_syslog+0x41/0x50
[  607.243914][ T2992]  x64_sys_call+0x27ce/0x3000
[  607.248758][ T2992]  do_syscall_64+0xca/0x2b0
[  607.250210][T18333] 8021q: adding VLAN 0 to HW filter on device bond10
[  607.253335][ T2992]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  607.253373][ T2992] 
[  607.268315][ T2992] value changed: 0x0000000000002d00 -> 0x0000000000004d00
[  607.275479][ T2992] 
[  607.277848][ T2992] Reported by Kernel Concurrency Sanitizer on:
[  607.284035][ T2992] CPU: 1 UID: 0 PID: 2992 Comm: klogd Not tainted syzkaller #0 PREEMPT(voluntary) 
[  607.293378][ T2992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  607.303468][ T2992] ==================================================================
[  607.313277][T18337] 8021q: adding VLAN 0 to HW filter on device bond10
[  607.320800][T18337] bond10: (slave vxcan5): The slave device specified does not support setting the MAC address
[  607.332990][T18337] bond10: (slave vxcan5): Error -95 calling set_mac_address
[  607.350169][T18339] macvlan2: entered promiscuous mode
[  607.355692][T18339] macvlan2: entered allmulticast mode
[  607.361688][T18339] bond10: entered promiscuous mode
[  607.367386][T18339] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  607.376567][T18339] bond10: left promiscuous mode
[  607.415249][T13994] EXT4-fs error (device loop4): __ext4_get_inode_loc:4830: comm syz-executor: Invalid inode table block 1 in block_group 0
[  607.428560][T13994] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6298: Corrupt filesystem
[  607.439266][T13994] EXT4-fs error (device loop4): ext4_quota_off:7270: inode #3: comm syz-executor: mark_inode_dirty error