last executing test programs:

2.56194201s ago: executing program 2 (id=524):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000001700000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x80078b, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rHGUYAPBnJh9t7UdirR+tVaNFCIpJk1btwYui4KGioId6jMm2hG4baaLYUmwqUi+CFPQsHgX/Am8iiHoSvOrFkxSK9tLqKTKzM+1mm02N2WRi9veDzb7vzrs7z5P5eud9dwPoWkPZnyRiR0T8EhEDjeriBkONpxvXzk/+de38ZBILC6//keTtrl87P1k2Ld+3vagMpxHph0mxksVmz547OVGv184U9dG5U2+Pzp4999S7pyZO1E7UTo8fOXL40Nizz4w/3ZE8s7yu73t/Zv/el9+8/Mrksctv/fBVFu+OYnlzHp0ylCX+50KuddnjnV5ZxXY2lZPeCgNhRXoiIttcffnxPxA9cWvjDcRLH1QaHLCmsmvTlvaL5xeATSyJqiMAqlFe6LP73/KxTl2PDeHq840boCzvG8WjsaQ30qJNX8v9bScNRcSx+b8/zx6xRuMQAADNPp787Gh/UV7c/0vjvvz5t/zvrmIOZTAi7o6I3RFxT0TsiYh7I/K290fEA6uM5/b+T3pllR+5rKz/91wxt7W4/1f2/mKwp6jtzPPvS45P12sHi//JcPRtyepjy6zjmxd//qTdsub+X/bI1l/2BYs4rvS2DNBNTcxN5J3SDrh6MWJf71L5JzdnApKI2BsR+1b20bvKwvQTX+5v1+jO+S+jA/NMC19k6c1n+c9HS/6lpHl+cvq2+cnRrVGvHRwt94rb/fjTpdfarX9V+XfA1VrjuWn7tzYZTJrna2dXvo5Lv37U9p7mP+7/aX/yRj7PXJ673puYmzszFtGfHM3ri14fv/Xesl62z/b/4QNLH/+7i/dk+T8YEdlO/FBEPBwRjxSxPxoRj0XEgWXy//6F9svK/COtaPtfjJha8vx3c/9v2f4rL/Sc/O7rduv/d9v/cF4aLl7Jz393sFQ42emiNcDV/O8AAADg/yLNvwOfpCM3y2k6MtL4Dv+euCutz8zOPXl85p3TU43vyg9GX1qOdA0U46H16XptLJkvPrExPjpejBWX46WHinHjT3u25fWRyZn6VMW5Q7fb3ub4z/zeU3V0wBrbtuSr4/3rHghQgdZ59HRx9cKr4WQAm5Xfa0P3usPxn65XHMD6c/2H7rXU8X+hpW4uADYn13/oXo5/6FLpt1VHAFTI9R+60mp+17+Gha0bI4xqCht1o+SFiLKQboh4FNaoUPWZCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDP+CQAA//9Chukd")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0)
faccessat(r2, &(0x7f0000000000)='./file0\x00', 0x5)

2.540275641s ago: executing program 3 (id=526):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f00000004c0)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000b40)={{r0}, &(0x7f00000008c0), &(0x7f0000000880)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000100)='rxrpc_resend\x00', r2}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000001000000080000000c"], 0x50)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$BTRFS_IOC_BALANCE(r1, 0x5000940c, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10)
renameat2(0xffffffffffffffff, &(0x7f0000000b40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0xfe, 0x0, 0x7ffc0002}]})
statx(0xffffffffffffff9c, 0x0, 0x1000, 0xf0cb2f4a0c2cfc5d, &(0x7f0000000080))

2.486569317s ago: executing program 3 (id=528):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f00000009c0)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x72bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=@newtfilter={0x84, 0x2c, 0xd27, 0x70bd1f, 0x25dfdbfc, {0x0, 0x0, 0xf2ff, r4, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x4c, 0x2, [@TCA_FLOWER_ACT={0x48, 0x3, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x9, 0x9, 0x20000000, 0x9}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}, @TCA_RATE={0x6, 0x5, {0xf0, 0x8}}]}, 0x84}, 0x1, 0x0, 0x0, 0x8848}, 0x80)

2.45643124s ago: executing program 0 (id=529):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000001300)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000040000000000000000000002"], 0x0, 0x40}, 0x28)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, 0x0, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x5, 0x0, 0x1, {0x0, 0xea60}, {}, {0x801}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "3fae8a9ad451a727"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={0x5, 0x0, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "3acf1ec7ae70bb24"}}, 0x48}}, 0x0)
r3 = getpid()
timer_create(0x5, &(0x7f0000000040)={0x0, 0x35, 0x1, @tid=r3}, &(0x7f00000000c0))
sendto$inet6(r1, &(0x7f0000000080)="b1", 0xfffd, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r4 = syz_open_dev$hidraw(&(0x7f0000000200), 0x8000000000000000, 0x0)
write$hidraw(r4, &(0x7f0000000400)="b4f5c9b1b2ac9ad70fbc44f3d8a77c26163605866f0364b6849cbc3fa9bf8e4a99846a07a6f4ce067eb9948170a5ec6280c4336e022d8780711042b7c9459633bdfd500d6a06426dbbd627aa6130aa5ff6cb78f3229bdd4046964cbefe32e4ac1c25674f9c0bef4d24bd4c5d608becebd3", 0x71)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r6, &(0x7f0000004200)='t', 0x1)
r7 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201)
pwritev2(r7, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x69000}], 0x1, 0x7000, 0x0, 0x3)
r8 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000380)={'team0\x00', <r11=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000600)={@remote, 0x7d, r11})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x18)
pwritev2(r8, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xfffffdd6}], 0x1, 0x9c00, 0x0, 0x3)
sendfile(r6, r5, 0x0, 0x7ffff000)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000100)={0x5, 0xf, 0xff, 0x8, 0x0, 0x6, 0x9, 0xbe, 0xfe, 0x3, 0x3d, 0x26, 0x40, 0x1}, 0xe)
close_range(r0, 0xffffffffffffffff, 0x0)

2.221392183s ago: executing program 0 (id=530):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x18)
perf_event_open(0x0, 0x0, 0xfff7ffffffffffff, 0xffffffffffffffff, 0x1)
openat$nvram(0xffffffffffffff9c, 0x0, 0x20100, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000580)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000400)=ANY=[@ANYRES32=r0], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x10)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="02030000002cbd7000fcdbdf2502000900080000001c0000000000000005000500000000000a00000000000000000000000000000000000000000000010700000000000000"], 0x48}, 0x1, 0x7}, 0x0)
perf_event_open(&(0x7f0000001180)={0xa, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x440, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb7, 0x2, @perf_config_ext={0x80, 0xffffffffffffffff}, 0x10000, 0x3, 0x5, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000d}, 0x0, 0xffffff8000000000, 0xffffffffffffffff, 0x0)
syz_io_uring_setup(0x111, &(0x7f0000000340)={0x0, 0x11, 0x2, 0x4}, 0x0, 0x0)
syz_io_uring_setup(0x6d3b, &(0x7f0000000340)={0x0, 0x8f71, 0x10100, 0x3, 0x3cd}, 0x0, &(0x7f0000000040))
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='mm_page_free\x00', r3}, 0x18)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x200000005c831, 0xffffffffffffffff, 0x0)
write$sndseq(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x0, 0x0})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x8, 0x80, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x30046, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000080)}, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x400}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000070000000300000048"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000500000001811000036e2a9c79f19d2dc691c6889f83a672548df9848758c23054b5b5291c438f7b8486cb566f43c388a8a2c79843f0fc2460c9e19d181cecf8b60954f8728c6e597a284bec2496efb394f71ffb389720e204738587f938a39b69909728706b65a810bb85549ffcc7f2ca4ce535cc5d7fe8f47e68559c059", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40004}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r5}, 0x18)

2.186455026s ago: executing program 3 (id=531):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000900)=""/4096)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$l2tp6(0xa, 0x2, 0x73)
r4 = syz_io_uring_setup(0x7025, &(0x7f0000000300)={0x0, 0x2000, 0x10100, 0x1}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000180)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r3, 0x80, &(0x7f0000000540)=@l2tp6={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @multicast2}, 0xbf6b, 0x2}})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x300000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
io_uring_enter(r4, 0x5b43, 0x0, 0x20, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), &(0x7f0000000300)=@v1={0x1000000, [{0xb0fc}]}, 0xc, 0x3)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
r7 = geteuid()
quotactl_fd$Q_GETINFO(r1, 0xffffffff80000501, r7, &(0x7f0000000040))
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073794f310000000008000440080000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f5"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0)

2.14782624s ago: executing program 2 (id=532):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000580), 0x5c8600, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f00000000c0)=ANY=[@ANYBLOB="2300030000000000"], 0x8)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
ioctl$TCSETSW2(r3, 0x5453, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5, 0x0, 0xffffffffffff8001}, 0x18)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x3a32017, &(0x7f0000000480)={[{@nomblk_io_submit}, {@debug}]}, 0x1, 0xbab, &(0x7f0000002380)="$eJzs3M1rHGUYAPBnJpvvtIkiaotgQKqiuE2bUqGn1rOooAePjcmmhmw/TCKY0ENa7+pBxENB+icI3u3Fk+ChHrT+BUUsUvTS9rAy+5Gu3ew2ppsdk/5+8Gbed97ZfZ4n0+y8AzsN4LE1mf1IIw5ExOkkYry+P42IgWpvKGK9dtzd2xdns5ZEpfLun0kkEXHn9sXZxnsl9e1ofTAUEdffSOLJT1vjLq+uLc6Uy6Wl+vjwytkLh5dX115bODtzpnSmdO7Y9OvHpo9PT3ex1psXPvj6uZ/fevHy1c+m3v5q/49JnIyx+lxzHd0yGZMbv5NmhYiY6XawnPTV62muMynkmBAAAB2lTWu4p2M8+uL+4m08fvgl1+QAAACArqj0RVQAAACAPS5x/w8AAAB7XON7AHduX5xttHy/kdBbt05FxESt/sbzzbWZQqxXt0PRHxEjfyXR/FhrUnvZI5vMIn33UylrsUPPIXeyfikint3s/CfV+ieqT3G31p9GxFQX4k8+MN5N9Z/sQvy86wfg8XTtVO1C1nr9SzfWP7HJ9a+wybVrO/K+/jXWf3db1n/36+9rs/57Z4sxDt575Xq7ueb13/uf/zaXxc+2j1TUf/BhEnGwsFn9yUb9SZv6T28xxujszSvt5rL6s3obrdf1V65GHKqu5lrrb0g6/f9Eh+cXyqWp2s9N3n/1eOf4zec/a1n8xr1AL9y6FDES2zv/F7YYY+KZPw60m3t4/envA8l71d5Afc8nMysrS0ciBpI3W/cf7ZxL45jGe2T1v/xC57//zerPPhPW67+H7F/Ppfo2G19+IObooaPfbr/+nZXVP7fN8//FFmN88/2Vj9rN5V0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALtDGhFjkaTFjX6aFosRoxHxVIyk5fPLK6/On//43Fw2FzER/en8Qrk0FRHjtXGSjY9U+/fHRx8YT8e+arwvx4er4+Ls+fJc3sUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwYTQixiJJixGRRsTf42laLOadFQAAANB1E3knAAAAAOw49/8AAACw97Xc/xf+NRrqZS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsSU88f+1GEhHrJ4arLTNQn+vPNTNgp6VbO2xkp/MAeq8v7wSA3BSa+pVKpZJjKkCPuccHkofMD7WdGex6LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8f7104NqNJCLWTwxXW2agPtff9lXtZ4DdI807ASA3fZ0mk4fuAHaxQt4JALlxJw/UVvb3KjWt80NtXzn4yFEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2D3Gqi1JixGRVvtpWixG7IuIiehP5hfKpamI2B8Rv473D2bjI3knDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNctr64tzpTLpSUdHZ0udoajZ7GG63/MbY4ZbD/VoZPzBxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALlYXl1bnCmXS0vLeWcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5G15dW1xplwuLe1gJ+8aAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIzz8BAAD//2AICK4=")
syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a2100)
r6 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x42, 0x0)
pwrite64(r6, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
lseek(r6, 0x5, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0xf)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r7, 0x10e, 0x4, &(0x7f0000000080)=0x100, 0x4)
bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0xfff, 0x0, 0x3, 0x8, 0x20005, 0x8, 0x0, 0x0, 0x0, 0x64f1}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4004010)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r8}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18020000a8ffffff00000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
creat(&(0x7f0000000080)='./bus\x00', 0x0)
mount(&(0x7f0000000280)=@filename='./file2\x00', &(0x7f0000000200)='./bus\x00', &(0x7f0000000340)='afs\x00', 0x8c, &(0x7f0000000300)='trans=rdma,')
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="290000002000190f00003fffffffda060200000000e80001dd0000040d000600ea1100200005000000", 0x29}], 0x1)

1.933540491s ago: executing program 3 (id=533):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000004d00000600000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
clock_nanosleep(0x9, 0x0, &(0x7f0000000080)={0x0, 0x3938700}, 0x0)
syz_emit_ethernet(0x3b6, &(0x7f00000009c0)={@link_local, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x380, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a741e54006598080a8030000004023493b87aafaff0500ffffffe723732472eefa45ad96579269748e254c1e4a948b580a9bc430d3be27df3e34060000ca0a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000100000000001995319cff"}, {0x3, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x3, 0xb, "d47ae6e8805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x2000000000000040, "fcf98a102ec1876d4e6fa3b20519bbaa8a029cee00b8d3485e3b63ed09bdb581c9fe68a356f542b043059ff05932e740e077e1d16212fb"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa76ffff9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4828288e62afbf03269f1f98aea6a58cf45d7c5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c258a6f"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02c226a6bce65f81ed"}]}}}}}}, 0x0)
r2 = socket$kcm(0x29, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409e011f1264d43f153b3d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7000026a4e739c60f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf3f704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eedd9068ca1457870eb30d219e23ccc8e06dddeb61799257ab5000013c86ba99523d61a00000000c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb8629aeec90e6d1857da822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c5e13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae200f279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522e8dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87995b51cb6febd5f34a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be10ba7dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2db484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b00ffffff7f000000000801f71d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cf0d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67856ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e2b8e7370baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b09000000d31df213c802d74797056fd3bca8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221fff0f0000705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f14fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008f3a20b49fe7636806867283e35cff8d00e7b251bab3cf6377a24f8e8d4bda7503674bc94bf7f4d2fa6f25944bf0a186436d9f6831995976328a1fdc78492c65c1434855dc35c3cf7cf9610c5387794443c99b304799114132362849c3fa85d6379729ff9094933db0cfbe8887c50b87e1469fdf454cef4cbc5f7bf384000000000000a4e8c1a25f47c440144a9776be6cb40aafdb9d3cc8f6a6050974e1c4000000000000008b753f4e1bef9556efcc087a99dbf231167013a4b2eaf6338a0b100c98a331dffc09"], &(0x7f0000000140)='GPL\x00'}, 0x48)
r4 = socket$kcm(0x2, 0x1, 0x0)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r6}, 0x10)
inotify_rm_watch(0xffffffffffffffff, 0x0)
sendmsg$inet(r4, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x20000811)
ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000040)={r4, r3})
r7 = socket(0x2, 0x2, 0x1)
sendmsg$rds(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000380)=[{0x0, 0x2a}, {&(0x7f00000002c0)=""/144, 0x90}], 0x2, 0x0, 0x0, 0x4}, 0x20000000)
setsockopt$sock_int(r4, 0x1, 0x20, &(0x7f0000000180)=0x5, 0x4)
socket$nl_xfrm(0x10, 0x3, 0x6)

1.856012269s ago: executing program 3 (id=534):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000e80)={[{@noblock_validity}, {}, {@sysvgroups}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a00)={0x5, 0x2000000000000217, &(0x7f0000000180)=ANY=[@ANYBLOB="1804000000000000000000000000000018010000696c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xc94284a3061bb7fe, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r1 = gettid()
rt_sigaction(0x1b, &(0x7f0000000040)={0xfffffffffffffffc, 0x4c000000, 0x0, {[0x8000000000005a]}}, 0x0, 0x8, &(0x7f00000001c0))
tkill(r1, 0x1b)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.events\x00', 0x275a, 0x0)

1.748159789s ago: executing program 2 (id=536):
r0 = socket$unix(0x1, 0x5, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b708000000000e007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000020850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = openat$urandom(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$RNDADDENTROPY(r3, 0x40085203, &(0x7f0000000340)={0xfffffff9})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10)
semtimedop(0x0, 0x0, 0x0, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000080)={'bridge0\x00', &(0x7f00000000c0)=@ethtool_regs={0x4, 0x0, 0x4, "f42a97b9"}})

1.514510982s ago: executing program 2 (id=541):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000580), 0x5c8600, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f00000000c0)=ANY=[@ANYBLOB="2300030000000000"], 0x8)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
ioctl$TCSETSW2(r3, 0x5453, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5, 0x0, 0xffffffffffff8001}, 0x18)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x3a32017, &(0x7f0000000480)={[{@nomblk_io_submit}, {@debug}]}, 0x1, 0xbab, &(0x7f0000002380)="$eJzs3M1rHGUYAPBnJpvvtIkiaotgQKqiuE2bUqGn1rOooAePjcmmhmw/TCKY0ENa7+pBxENB+icI3u3Fk+ChHrT+BUUsUvTS9rAy+5Gu3ew2ppsdk/5+8Gbed97ZfZ4n0+y8AzsN4LE1mf1IIw5ExOkkYry+P42IgWpvKGK9dtzd2xdns5ZEpfLun0kkEXHn9sXZxnsl9e1ofTAUEdffSOLJT1vjLq+uLc6Uy6Wl+vjwytkLh5dX115bODtzpnSmdO7Y9OvHpo9PT3ex1psXPvj6uZ/fevHy1c+m3v5q/49JnIyx+lxzHd0yGZMbv5NmhYiY6XawnPTV62muMynkmBAAAB2lTWu4p2M8+uL+4m08fvgl1+QAAACArqj0RVQAAACAPS5x/w8AAAB7XON7AHduX5xttHy/kdBbt05FxESt/sbzzbWZQqxXt0PRHxEjfyXR/FhrUnvZI5vMIn33UylrsUPPIXeyfikint3s/CfV+ieqT3G31p9GxFQX4k8+MN5N9Z/sQvy86wfg8XTtVO1C1nr9SzfWP7HJ9a+wybVrO/K+/jXWf3db1n/36+9rs/57Z4sxDt575Xq7ueb13/uf/zaXxc+2j1TUf/BhEnGwsFn9yUb9SZv6T28xxujszSvt5rL6s3obrdf1V65GHKqu5lrrb0g6/f9Eh+cXyqWp2s9N3n/1eOf4zec/a1n8xr1AL9y6FDES2zv/F7YYY+KZPw60m3t4/envA8l71d5Afc8nMysrS0ciBpI3W/cf7ZxL45jGe2T1v/xC57//zerPPhPW67+H7F/Ppfo2G19+IObooaPfbr/+nZXVP7fN8//FFmN88/2Vj9rN5V0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALtDGhFjkaTFjX6aFosRoxHxVIyk5fPLK6/On//43Fw2FzER/en8Qrk0FRHjtXGSjY9U+/fHRx8YT8e+arwvx4er4+Ls+fJc3sUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwYTQixiJJixGRRsTf42laLOadFQAAANB1E3knAAAAAOw49/8AAACw97Xc/xf+NRrqZS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsSU88f+1GEhHrJ4arLTNQn+vPNTNgp6VbO2xkp/MAeq8v7wSA3BSa+pVKpZJjKkCPuccHkofMD7WdGex6LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8f7104NqNJCLWTwxXW2agPtff9lXtZ4DdI807ASA3fZ0mk4fuAHaxQt4JALlxJw/UVvb3KjWt80NtXzn4yFEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2D3Gqi1JixGRVvtpWixG7IuIiehP5hfKpamI2B8Rv473D2bjI3knDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNctr64tzpTLpSUdHZ0udoajZ7GG63/MbY4ZbD/VoZPzBxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALlYXl1bnCmXS0vLeWcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5G15dW1xplwuLe1gJ+8aAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIzz8BAAD//2AICK4=")
syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a2100)
r6 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x42, 0x0)
pwrite64(r6, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
lseek(r6, 0x5, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0xf)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r7, 0x10e, 0x4, &(0x7f0000000080)=0x100, 0x4)
bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0xfff, 0x0, 0x3, 0x8, 0x20005, 0x8, 0x0, 0x0, 0x0, 0x64f1}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4004010)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r8}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18020000a8ffffff00000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
creat(&(0x7f0000000080)='./bus\x00', 0x0)
mount(&(0x7f0000000280)=@filename='./file2\x00', &(0x7f0000000200)='./bus\x00', &(0x7f0000000340)='afs\x00', 0x8c, &(0x7f0000000300)='trans=rdma,')
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="290000002000190f00003fffffffda060200000000e80001dd0000040d000600ea1100200005000000", 0x29}], 0x1)

1.511427572s ago: executing program 0 (id=542):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1], 0x54}, 0x1, 0x0, 0x0, 0x4}, 0x4000004)

1.484302135s ago: executing program 0 (id=544):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000580), 0x5c8600, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r1, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_RTHDR(r2, 0x29, 0x39, &(0x7f00000000c0)=ANY=[@ANYBLOB="2300030000000000"], 0x8)
r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x8800, 0x0)
ioctl$TCSETSW2(r3, 0x5453, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000a00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r5, 0x0, 0xffffffffffff8001}, 0x18)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f00000002c0)='./file0\x00', 0x3a32017, &(0x7f0000000480)={[{@nomblk_io_submit}, {@debug}]}, 0x1, 0xbab, &(0x7f0000002380)="$eJzs3M1rHGUYAPBnJpvvtIkiaotgQKqiuE2bUqGn1rOooAePjcmmhmw/TCKY0ENa7+pBxENB+icI3u3Fk+ChHrT+BUUsUvTS9rAy+5Gu3ew2ppsdk/5+8Gbed97ZfZ4n0+y8AzsN4LE1mf1IIw5ExOkkYry+P42IgWpvKGK9dtzd2xdns5ZEpfLun0kkEXHn9sXZxnsl9e1ofTAUEdffSOLJT1vjLq+uLc6Uy6Wl+vjwytkLh5dX115bODtzpnSmdO7Y9OvHpo9PT3ex1psXPvj6uZ/fevHy1c+m3v5q/49JnIyx+lxzHd0yGZMbv5NmhYiY6XawnPTV62muMynkmBAAAB2lTWu4p2M8+uL+4m08fvgl1+QAAACArqj0RVQAAACAPS5x/w8AAAB7XON7AHduX5xttHy/kdBbt05FxESt/sbzzbWZQqxXt0PRHxEjfyXR/FhrUnvZI5vMIn33UylrsUPPIXeyfikint3s/CfV+ieqT3G31p9GxFQX4k8+MN5N9Z/sQvy86wfg8XTtVO1C1nr9SzfWP7HJ9a+wybVrO/K+/jXWf3db1n/36+9rs/57Z4sxDt575Xq7ueb13/uf/zaXxc+2j1TUf/BhEnGwsFn9yUb9SZv6T28xxujszSvt5rL6s3obrdf1V65GHKqu5lrrb0g6/f9Eh+cXyqWp2s9N3n/1eOf4zec/a1n8xr1AL9y6FDES2zv/F7YYY+KZPw60m3t4/envA8l71d5Afc8nMysrS0ciBpI3W/cf7ZxL45jGe2T1v/xC57//zerPPhPW67+H7F/Ppfo2G19+IObooaPfbr/+nZXVP7fN8//FFmN88/2Vj9rN5V0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALtDGhFjkaTFjX6aFosRoxHxVIyk5fPLK6/On//43Fw2FzER/en8Qrk0FRHjtXGSjY9U+/fHRx8YT8e+arwvx4er4+Ls+fJc3sUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwYTQixiJJixGRRsTf42laLOadFQAAANB1E3knAAAAAOw49/8AAACw97Xc/xf+NRrqZS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsSU88f+1GEhHrJ4arLTNQn+vPNTNgp6VbO2xkp/MAeq8v7wSA3BSa+pVKpZJjKkCPuccHkofMD7WdGex6LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8f7104NqNJCLWTwxXW2agPtff9lXtZ4DdI807ASA3fZ0mk4fuAHaxQt4JALlxJw/UVvb3KjWt80NtXzn4yFEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2D3Gqi1JixGRVvtpWixG7IuIiehP5hfKpamI2B8Rv473D2bjI3knDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNctr64tzpTLpSUdHZ0udoajZ7GG63/MbY4ZbD/VoZPzBxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALlYXl1bnCmXS0vLeWcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA5G15dW1xplwuLe1gJ+8aAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADIzz8BAAD//2AICK4=")
syz_open_dev$vcsa(&(0x7f0000000000), 0x1, 0x1a2100)
r6 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file2\x00', 0x42, 0x0)
pwrite64(r6, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
lseek(r6, 0x5, 0x4)
socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$netlink(0x10, 0x3, 0xf)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r7, 0x10e, 0x4, &(0x7f0000000080)=0x100, 0x4)
bind$netlink(r7, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x26, 0x1, 0x0, 0x0, 0x0, 0x7, 0x590, 0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, @perf_config_ext={0x8, 0x6}, 0x0, 0xfff, 0x0, 0x3, 0x8, 0x20005, 0x8, 0x0, 0x0, 0x0, 0x64f1}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000580)=ANY=[], 0x58}, 0x1, 0x0, 0x0, 0x4}, 0x4004010)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000005c0)='sched_switch\x00'}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x6, 0x3, &(0x7f0000000100)=ANY=[@ANYBLOB="18020000a8ffffff00000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000)
creat(&(0x7f0000000080)='./bus\x00', 0x0)
mount(&(0x7f0000000280)=@filename='./file2\x00', &(0x7f0000000200)='./bus\x00', &(0x7f0000000340)='afs\x00', 0x8c, &(0x7f0000000300)='trans=rdma,')
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="290000002000190f00003fffffffda060200000000e80001dd0000040d000600ea1100200005000000", 0x29}], 0x1)

1.191451504s ago: executing program 1 (id=546):
socket$xdp(0x2c, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
syncfs(r0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x73cea2d47785b264, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="190000000400000004000000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r1}, &(0x7f0000001c00), &(0x7f0000001c40)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000011008188040f46ecdb4cb9cca7480e1211000000e3bd012a128748b429021627e305dd2b7a146efb4400", 0x2e}], 0x1}, 0x24000000)

1.148791478s ago: executing program 1 (id=547):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_ext_remove_space_done\x00', r1}, 0x10)
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x18000, &(0x7f0000000000), 0x1, 0x632, &(0x7f0000001280)="$eJzs3c9rHNcdAPDvzEqyZauVXUqpTUsFPdhQvJZcU7c92e6hPhhqqA8h5GBhSY7w+geWDLZjsAw5JJBACLmG4Ev+gZBr0DXkFgKJbzkHnBCc5JAEb5jZWWuz2rU3kla78Xw+MDNvfmjf++7s2/dmZkcTQGlNZaM0Yl9EnEsiJlvWTURj5VSx3cOvb5/PhiTq9f9/lURSLGtu/6iY7s5GSeNvPj4Z8bvK+nyXbt66OFurN9yJOLx86erhpZu3Di1emr0wf2H+8syRfx49Nv2vmQ+3Js7dxfTU6f/96fWXX/zHwie1Q0kcj7OjL81FWxxbZarx7kYWYuvykYg4liU6vC+wnSrF53E0Iv4Qk1HJ5xomY/G1gRYO6Kt6pdE+1cfqQOkk0UwMuCDANmv2A5rH9v04Dh5mD05k4xsd4h8pjt535sdGux4mLUdG2dKIPVuQ/0pE/Hh7/9vZEF3OQ4xsQT5d878bEX/stP+TPP49eaRZ/GmkLX+XpaeLcxtZ+f6ziTIkLenePn93NpHbz/2S+Fv3Qxb/8WKaLT/Z5fWfdopnqm2+bPUPgMFYPVE05FlHJNbav6xn2Oz/RHv/p/5+fm2ove3aiO7tX7oFr/50ef9vpFP732zvd+ZteNrWD0ti5dsznV9ytH3B56+eerNb/lMt/b9syPJv9gV7sOmu4YO7Efvb4n8lf+uTx/s/6dD/zfp753rM47+ffnmq27pNxr9p9XsRBzoe/6z1SrNU2/XJJJrXJ4/OHF5YrM1PN8Yd8/jgoxfe7Zb/oOPP9v+uLvE/af9ny672mMd7Z+5daqR2rFs38dT40y/GkrN5aiwfr1WvseR0sUljcmN2efnakSeXpblNPp1pxH/wr53rf5f484OP8eZXZg+uPnfxYbd1m9z/j+o9bthNFv/cBvf/Gz3m8d3z1//cbd36+NfOSYxvNCgAAAAAAAAoqTS/Bpuk1cfpNK0WF95+H7vS2pWl5b8tXLl+eS7iYP57yNG0eaV7sjGfZPMzxe9hm/NH2ub/HhF7I+Ktyng+Xz1/pTY36OABAAAAAAAAAAAAAAAAAABgSOwu7v9/VDwP7JtKmlargy4VsG36+YA5YLip/1Beef3fnuetAUNG+w/l1bH++1KAUlDVobzUfygv9R/KS/2H8lL/oby61/91a+72uywAAAAAwJbZ+5fV+yMRsfLv8XzIjBXrRgdaMqDf1HEor8qgCwAMzOML/G7/h9Lpqf//ffHPAftfHGAAkpb0SjORdw7qT678q0nfywYAAAAAAAAAAAAANBzYt3o/cf8/lJLb/qC8Nnb/f2XjfwoMjU7/+t/jQKAcHONDyfVwEmBntxXu/wcAAAAAAAAAAACAbTORD0laLX4GPBFpWq1G/CYi9sRosrBYm5+OiN9GxGeV0R3Z/MygCw0AAAAAAAAAAAAAAAAAAADPmKWbty7O1mrz11oTP6xb8mwnmk88HZbytCYi6XsWabQtGY+IYYi9P4mRliVJxEq257filZPNf35iGN6fIjHgLyYAAAAAAAAAAAAAAAAAACihlnuPO9v/zjaXCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC239rz//uXGHSMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCv008BAAD//xS+O5U=")

1.12709872s ago: executing program 2 (id=548):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0x0, 0x0, &(0x7f00000023c0), 0x0, 0x100, 0x2000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000300)=ANY=[@ANYBLOB="02000000010004000000000008000500a9930000100000000000000020"], 0x24, 0x0)
r0 = perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x80, 0x8, 0x4, 0x0, 0x0, 0x6, 0x20202, 0x4, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x3, 0x2, @perf_config_ext={0x100000001, 0x400}, 0x5010, 0x102, 0x9, 0x5, 0x8, 0x100, 0x9, 0x0, 0x200, 0x0, 0x7}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'netdevsim0\x00'})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="18000000002c0000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x60, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="0b00000073790101000000000000000000000000000af7f4f0c55de8ca0000000000000000000000000000000000000000f3c800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff00000000000000000000000000000020000000000000030000000000000000000000004119202532aeecfcdbb73887feb3f14db126c935954a335f6469a793"], 0x138)
write$UHID_DESTROY(r4, &(0x7f0000000340), 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
pipe2(&(0x7f0000001cc0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3dec214637297dee14200800000000000000831715ce290d81665a4f78aa2e2aa9bc7fd446ee7eaebc3c4f9184fb7c7e8c12a80f2c2f17cd66de0000", @ANYRES16=r0, @ANYRES64=r1, @ANYRESHEX=r5, @ANYBLOB="2c756e616d653dd0aedec1aa20ffd81d1bf89329217cb058a396eda2ab40a26d93dd083c0074dcab6cab21ae16c4cdf97bdc355f3b41d27b654301345cb3c4cec37953322d01beaa7257964fd30fe2d72f171da72e389f382dea3c8d91906aead5d5aeccc097ef1092ea987c2b00000000000000002c00"])
r6 = syz_clone(0x40109000, 0x0, 0x0, 0x0, 0x0, 0x0)
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r7)
sendmsg$IEEE802154_LIST_PHY(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x14, r8, 0x30b, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4851}, 0x24004804)
r9 = socket(0x2, 0x80805, 0x0)
setsockopt(r9, 0x84, 0x7c, &(0x7f0000000440)="00000800b9000000", 0x63)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.bfq.time_recursive\x00', 0x275a, 0x0)
ioctl$FIBMAP(r10, 0x1, &(0x7f0000000080)=0x10001)
ioctl$BINDER_FREEZE(0xffffffffffffffff, 0x400c620e, &(0x7f0000000140)={r6, 0x1, 0x6})

1.003234142s ago: executing program 2 (id=549):
syz_usb_connect(0x6, 0x24, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000280)='./file1\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x1219, &(0x7f0000001100)="$eJzs28FrXEUcB/BfkqapqclGrdUWxEEvFeTR5OBFL0FSkC4obSO0gvBqXnTJczfkLYEVsXry6t8hggjeBPGml1z8DwRvuXisID7JrrZd3RVWQjfI53PZH8z7zs7ssAuzzBy+8tn7O9tVtp13Y3ZmJmZ3I9LdFClm4y8fxwsvf//DM9dv3rq63mxuXEvpyvqN1ZdSSsvPfvvWh18891337JtfL3+zEAcrbx/+svbzwfmDC4e/33ivVaVWldqdbsrT7U6nm98ui7TVqnaylN4oi7wqUqtdFXtD7dtlZ3e3l/L21tLi7l5RVSlv99JO0UvdTuru9VL+bt5qpyzL0tJiMLlT96rNz+/WdR1R1/NxOuq6rh+JxTgbj8ZSLEcjVuKxeDyeiHPxZJyPp+Lp+OqnL3tHCQAAAAAAAAAAAAAAAAAAAOD4THr//0L/qWmPGgAAAAAAAAAAAAAAAAAAAP5frt+8dXW92dy4ltKZiPLT/c39zcHroH19O1pRRhGXoxG/Rf/2/8CgvvJac+Ny6luJT8o7f+bv7G/ODedXoxEvjs6vDvJpOL8Qiw/m16IR50bl52NtZP5MXHr+gXwWjfjxnehEGVtxlL3//h+tpvTq682/5S/2nxtv7mEsDwAAAByLLN0zcv+eZePaB/kJ/h8Y2l8fZS+emurUiYiq98FOXpbFnmJkcelkDKNfnD7ODucjYrLUr3VdT/9DmFIx/puyEBH/ueeZiDgZE/xHMe1fJh6G+4s+7ZEAAAAAAAAAAAAwibHHABf+7YTg3ETHCac9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YAeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfBUAAP//0AbP3Q==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
ftruncate(r0, 0x2000009)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x141042, 0x0)
pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000400)="ba", 0xfdef}], 0x1, 0xe7b, 0xf6ff, 0x1)

918.96224ms ago: executing program 0 (id=550):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000000040)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
tkill(0x0, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_NET_GET(r2, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
r3 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_int(r3, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
setsockopt$inet6_int(r3, 0x29, 0x16, &(0x7f0000fcb000)=0x80, 0x4)

592.183792ms ago: executing program 0 (id=551):
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r1, 0x6, 0x21, 0x0, &(0x7f0000000140))
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x5, r2}, 0x38)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0xd, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfe9d, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={0x0, r3}, 0x18)
r4 = io_uring_setup(0x6c4, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
pwritev2(0xffffffffffffffff, &(0x7f0000000240)=[{}], 0x1, 0x9c00, 0x0, 0x3)
r5 = accept4$x25(r2, &(0x7f0000000280)={0x9, @remote}, &(0x7f0000000300)=0x12, 0x80000)
bind(r5, &(0x7f00000006c0)=@llc={0x1a, 0x205, 0x9, 0x3, 0x4, 0x4, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, 0x80)
listen(r0, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$inet6(0xa, 0x1, 0x80000001)
socket$inet(0x2, 0x1, 0x0)
syz_open_dev$usbfs(&(0x7f0000000080), 0x3, 0x80000)
connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r7 = accept(r0, 0x0, 0x0)
sendmsg$NL80211_CMD_GET_MPP(r7, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000005c0)=ANY=[], 0x20}}, 0x40000)
recvfrom(r6, &(0x7f0000000180)=""/60, 0xfffffffffffffecb, 0x0, 0x0, 0x0)

589.529162ms ago: executing program 1 (id=552):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r1}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB='\n\x00\x00'], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r4}, 0x10)
setsockopt$sock_attach_bpf(r2, 0x1, 0x1d, &(0x7f00000001c0), 0x4)
ioctl$SNDRV_TIMER_IOCTL_INFO(0xffffffffffffffff, 0x80e85411, &(0x7f0000000080))
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000800000001"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r5, @ANYBLOB="0000000000000000b703000000e00000850000001b000000b700000000fa000095"], &(0x7f00000003c0)='GPL\x00', 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f0000000200)='kmem_cache_free\x00', r6}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000400)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
set_robust_list(&(0x7f0000000440)={0x0, 0x1}, 0x18)

285.791042ms ago: executing program 1 (id=553):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff) (async)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000fd0f000007"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r3=>r0, {0x5b9}}, './file0\x00'})
fcntl$setlease(r3, 0x400, 0x2)
r4 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r4, 0x1, 0x4c, 0x0, 0x0) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000540)={{r1}, &(0x7f00000004c0), &(0x7f0000000500)='%-010d \x00'}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000240)='device_pm_callback_end\x00', r2, 0x0, 0xb7a2}, 0xf)
r5 = socket$netlink(0x10, 0x3, 0x10)
setsockopt$sock_int(r5, 0x1, 0x8, &(0x7f0000000000), 0x4)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$kcm(0x10, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0xe, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="620ac4ff0000000071107f000000000095"], &(0x7f0000000480)='GPL\x00'}, 0x94)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0xa00, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x8000)

173.894173ms ago: executing program 1 (id=554):
openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={&(0x7f00000003c0)='kmem_cache_free\x00', r1}, 0x10)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000400)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @empty}, 0xfffffffd}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2a}, 0x7}], 0x1, 0x12141, 0x0)

167.329124ms ago: executing program 4 (id=555):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x18)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=@newsa={0x150, 0x10, 0x713, 0x0, 0x0, {{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in6=@local}, {@in=@local, 0x4d5, 0x33}, @in=@multicast1, {0x7, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {}, {0x0, 0x20}, 0x0, 0x0, 0x2}, [@algo_auth_trunc={0x5d, 0x14, {{'cmac(aes)\x00'}, 0x88, 0x0, "3509fe8fd57fd44aa5074c506f4dbc700e"}}]}, 0x150}}, 0x0)

154.632655ms ago: executing program 3 (id=556):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000001300)=ANY=[@ANYBLOB="9feb01001800000000000000240000002400000004000000000000000000000203000000020000000000000700000000000000000000000d02000000000051"], 0x0, 0x40}, 0x20)
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r2, &(0x7f00000000c0), 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000480)={0x5, 0x0, 0x1, {0x0, 0xea60}, {}, {0x801}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "3fae8a9ad451a727"}}, 0x48}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0)
sendmsg$can_bcm(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r3 = getpid()
timer_create(0x5, &(0x7f0000000040)={0x0, 0x35, 0x1, @tid=r3}, &(0x7f00000000c0))
sendto$inet6(r1, &(0x7f0000000080)="b1", 0xfffd, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f00000002c0)='./bus\x00', 0x404, &(0x7f0000000580)={[{@orlov}, {@min_batch_time={'min_batch_time', 0x3d, 0x4}}]}, 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=")
r4 = syz_open_dev$hidraw(&(0x7f0000000200), 0x8000000000000000, 0x0)
write$hidraw(r4, &(0x7f0000000400)="b4f5c9b1b2ac9ad70fbc44f3d8a77c26163605866f0364b6849cbc3fa9bf8e4a99846a07a6f4ce067eb9948170a5ec6280c4336e022d8780711042b7c9459633bdfd500d6a06426dbbd627aa6130aa5ff6cb78f3229bdd4046964cbefe32e4ac1c25674f9c0bef4d24bd4c5d608becebd3", 0x71)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./bus\x00', 0x4040, 0x0)
r6 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1202, 0x0)
write(r6, &(0x7f0000004200)='t', 0x1)
r7 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201)
pwritev2(r7, &(0x7f0000000240), 0x0, 0x7000, 0x0, 0x3)
r8 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000380)={'team0\x00', <r11=>0x0})
ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000600)={@remote, 0x7d, r11})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x18)
pwritev2(r8, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xfffffdd6}], 0x1, 0x9c00, 0x0, 0x3)
sendfile(r6, r5, 0x0, 0x7ffff000)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000100)={0x5, 0xf, 0xff, 0x8, 0x0, 0x6, 0x9, 0xbe, 0xfe, 0x3, 0x3d, 0x26, 0x40, 0x1}, 0xe)
close_range(r0, 0xffffffffffffffff, 0x0)

125.672188ms ago: executing program 1 (id=557):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="1600000000000000040000000100000000000000", @ANYRES32=0x1, @ANYBLOB="0000000000000000000000f8ffffffffffffff00", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x4008032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r1, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000001a40)={0x24, 0x4, 0x8, 0x101, 0x0, 0x0, {0x0, 0x0, 0x2}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0xf8}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x84}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x4800)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000f80)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x3, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r3}, 0x10)
brk(0x200000ffc003)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='mm_page_free\x00'}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
r4 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r4, &(0x7f0000000840)={0x2, 0x0, @loopback}, 0x10)
sendmsg$rds(r4, &(0x7f0000000200)={&(0x7f0000000040)={0x2, 0x0, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000140)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0, 0x6}}], 0x30, 0x45}, 0x0)

112.938499ms ago: executing program 4 (id=558):
socket$xdp(0x2c, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
syncfs(r0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x73cea2d47785b264, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x0, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="190000000400000004000000"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001c80)={{r1}, &(0x7f0000001c00), &(0x7f0000001c40)=r2}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10)
socket$netlink(0x10, 0x3, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e00000011008188040f46ecdb4cb9cca7480e1211000000e3bd012a128748b429021627e305dd2b7a146efb4400", 0x2e}], 0x1}, 0x24000000)

69.751713ms ago: executing program 4 (id=559):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e85000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, &(0x7f0000000380), &(0x7f00000003c0)=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2, 0x0, 0x7098}, 0x18)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth1_virt_wifi\x00', <r5=>0x0})
setsockopt$XDP_UMEM_COMPLETION_RING(r3, 0x11b, 0x6, &(0x7f0000000180)=0x20, 0x4)
setsockopt$XDP_UMEM_FILL_RING(r3, 0x11b, 0x5, &(0x7f0000000140)=0x4000, 0x4)
bind$xdp(r3, &(0x7f0000000280)={0x2c, 0x4, r5, 0x8000004}, 0x10)

1.07201ms ago: executing program 4 (id=560):
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000), 0x206002, 0x0)
openat$cgroup_ro(r2, &(0x7f0000000040)='memory.events\x00', 0x0, 0x0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000001400000008001600c053000018000180140002006e657464657673696d3000000000000008001700365e0000080015"], 0x44}}, 0x0)

521.59µs ago: executing program 4 (id=561):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000000040)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
tkill(0x0, 0x4)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000200), 0x4)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_NET_GET(r2, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r3}, 0x10)
r4 = socket$inet6(0xa, 0x3, 0xff)
setsockopt$inet6_int(r4, 0x29, 0x16, &(0x7f0000fcb000), 0x4)
setsockopt$inet6_int(r4, 0x29, 0x16, &(0x7f0000fcb000)=0x80, 0x4)

0s ago: executing program 4 (id=562):
r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/sys/net/ipv4/vs/sync_ports\x00', 0x2, 0x0)
r1 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x20182)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', <r4=>0x0})
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00'}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r5, r4, 0x25, 0x0, @void}, 0x10)
r6 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x100202, 0x0, 0xfffffffb}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x1a, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8d}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB], 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{}, &(0x7f0000000180), &(0x7f00000001c0)=r6}, 0x20)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
syz_emit_ethernet(0xfdef, &(0x7f0000000a40)=ANY=[], 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
ioctl$sock_SIOCGIFVLAN_GET_VLAN_VID_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000300))
ioctl$USBDEVFS_BULK(r2, 0x5523, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c01000013000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r0, @ANYBLOB="050027000000000008008500", @ANYRES32=0x0, @ANYBLOB="140003006d6163766c616e31000000000000000008000a21", @ANYRES32=r0, @ANYBLOB="e8001a"], 0x15c}}, 0x0)
r9 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r9, 0x8933, &(0x7f0000000400)={'vcan0\x00', <r10=>0x0})
bind$can_j1939(r9, &(0x7f0000000080)={0x1d, r10, 0x1, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018040000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r11}, 0x10)
r12 = signalfd4(0xffffffffffffffff, &(0x7f0000000180)={[0x4000000000]}, 0x8, 0x0)
faccessat2(r12, &(0x7f0000000040)='\x00', 0x2, 0x1200)
bind$can_j1939(r9, &(0x7f0000000340)={0x1d, r10, 0x1, {0x2, 0xff, 0x3}}, 0x18)
syz_emit_ethernet(0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffff476d0000eafb86dd61bcc1d700006cfffc02000000000000000000000000000000000000000000070000000000000001"], 0x0)

kernel console output (not intermixed with test programs):

inode contents
[   41.268324][ T3903] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2996: inode #15: comm syz.1.135: mark_inode_dirty error
[   41.283524][ T3903] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2999: inode #15: comm syz.1.135: mark inode dirty (error -117)
[   41.296235][ T3903] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[   41.305318][ T3903] EXT4-fs (loop1): 1 orphan inode deleted
[   41.311570][ T3903] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   41.338751][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.360751][ T3912] loop1: detected capacity change from 0 to 1024
[   41.367681][ T3912] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   41.378545][ T3912] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   41.386645][ T3912] EXT4-fs (loop1): orphan cleanup on readonly fs
[   41.393325][ T3912] EXT4-fs error (device loop1): ext4_free_blocks:6706: comm syz.1.137: Freeing blocks not in datazone - block = 0, count = 4096
[   41.407325][ T3912] EXT4-fs (loop1): 1 orphan inode deleted
[   41.413614][ T3912] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   41.436722][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.493435][ T3923] loop1: detected capacity change from 0 to 1024
[   41.500257][ T3923] EXT4-fs: Ignoring removed orlov option
[   41.507592][ T3923] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   41.623056][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.643400][ T3928] loop1: detected capacity change from 0 to 512
[   41.650988][ T3928] EXT4-fs (loop1): orphan cleanup on readonly fs
[   41.657710][ T3928] EXT4-fs warning (device loop1): ext4_xattr_inode_get:560: inode #11: comm syz.1.140: EA inode hash validation failed
[   41.670584][ T3928] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #15: comm syz.1.140: corrupted inode contents
[   41.682665][ T3928] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #15: comm syz.1.140: mark_inode_dirty error
[   41.694711][ T3928] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #15: comm syz.1.140: corrupted inode contents
[   41.713801][ T3928] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2996: inode #15: comm syz.1.140: mark_inode_dirty error
[   41.726913][ T3928] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2999: inode #15: comm syz.1.140: mark inode dirty (error -117)
[   41.739508][ T3928] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[   41.748694][ T3928] EXT4-fs (loop1): 1 orphan inode deleted
[   41.754816][ T3928] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   41.777383][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   41.981008][ T3945] loop2: detected capacity change from 0 to 512
[   41.989382][ T3945] EXT4-fs (loop2): orphan cleanup on readonly fs
[   41.996209][ T3945] EXT4-fs warning (device loop2): ext4_xattr_inode_get:560: inode #11: comm syz.2.146: EA inode hash validation failed
[   42.008852][ T3945] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #15: comm syz.2.146: corrupted inode contents
[   42.021262][ T3945] EXT4-fs error (device loop2): ext4_dirty_inode:6517: inode #15: comm syz.2.146: mark_inode_dirty error
[   42.032787][ T3942] loop1: detected capacity change from 0 to 32768
[   42.033173][ T3945] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #15: comm syz.2.146: corrupted inode contents
[   42.051534][ T3945] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2996: inode #15: comm syz.2.146: mark_inode_dirty error
[   42.063555][ T3945] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2999: inode #15: comm syz.2.146: mark inode dirty (error -117)
[   42.076235][ T3945] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117)
[   42.077655][ T3949] loop0: detected capacity change from 0 to 1024
[   42.085426][ T3945] EXT4-fs (loop2): 1 orphan inode deleted
[   42.091954][ T3949] EXT4-fs: Ignoring removed orlov option
[   42.097864][ T3945] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   42.103863][ T3942]  loop1: p1 p2 p3 < > p4 < p5 p6 >
[   42.120331][ T3942] loop1: p1 start 460800 is beyond EOD, truncated
[   42.121761][ T3949] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   42.126737][ T3942] loop1: p2 size 83886080 extends beyond EOD, truncated
[   42.148350][ T3942] loop1: p5 start 460800 is beyond EOD, truncated
[   42.154816][ T3942] loop1: p6 size 83886080 extends beyond EOD, truncated
[   42.176039][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.202241][ T3953] 0ªX¹¦À: renamed from caif0
[   42.220147][ T3953] 0ªX¹¦À: entered allmulticast mode
[   42.225339][ T3953] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[   42.266832][ T3957] loop2: detected capacity change from 0 to 1024
[   42.273609][ T3957] EXT4-fs: Ignoring removed orlov option
[   42.275285][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   42.279315][ T3957] EXT4-fs: Ignoring removed nomblk_io_submit option
[   42.289819][ T3957] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   42.363208][ T3965] syz.0.154 uses obsolete (PF_INET,SOCK_PACKET)
[   42.382151][ T3968] FAULT_INJECTION: forcing a failure.
[   42.382151][ T3968] name failslab, interval 1, probability 0, space 0, times 0
[   42.394862][ T3968] CPU: 0 UID: 0 PID: 3968 Comm: syz.1.155 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   42.394959][ T3968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   42.394969][ T3968] Call Trace:
[   42.394975][ T3968]  <TASK>
[   42.394981][ T3968]  __dump_stack+0x1d/0x30
[   42.395000][ T3968]  dump_stack_lvl+0xe8/0x140
[   42.395096][ T3968]  dump_stack+0x15/0x1b
[   42.395110][ T3968]  should_fail_ex+0x265/0x280
[   42.395189][ T3968]  should_failslab+0x8c/0xb0
[   42.395212][ T3968]  __kvmalloc_node_noprof+0x12e/0x670
[   42.395297][ T3968]  ? pfifo_fast_init+0x19a/0x360
[   42.395319][ T3968]  pfifo_fast_init+0x19a/0x360
[   42.395341][ T3968]  qdisc_create_dflt+0xef/0x2d0
[   42.395395][ T3968]  mq_init+0x1b6/0x380
[   42.395418][ T3968]  ? __rcu_read_unlock+0x4f/0x70
[   42.395439][ T3968]  qdisc_create_dflt+0xef/0x2d0
[   42.395530][ T3968]  ? dev_activate+0xbb/0x9e0
[   42.395550][ T3968]  dev_activate+0xde/0x9e0
[   42.395569][ T3968]  ? _raw_spin_unlock_bh+0x36/0x40
[   42.395681][ T3968]  __dev_open+0x472/0x530
[   42.395775][ T3968]  __dev_change_flags+0x163/0x400
[   42.395796][ T3968]  netif_change_flags+0x5a/0xd0
[   42.395816][ T3968]  dev_change_flags+0xce/0x180
[   42.395835][ T3968]  dev_ifsioc+0x44b/0xaa0
[   42.395866][ T3968]  ? __rcu_read_unlock+0x4f/0x70
[   42.395905][ T3968]  dev_ioctl+0x70a/0x960
[   42.395919][ T3968]  sock_do_ioctl+0x197/0x220
[   42.396013][ T3968]  sock_ioctl+0x41b/0x610
[   42.396029][ T3968]  ? __pfx_sock_ioctl+0x10/0x10
[   42.396044][ T3968]  __se_sys_ioctl+0xce/0x140
[   42.396061][ T3968]  __x64_sys_ioctl+0x43/0x50
[   42.396077][ T3968]  x64_sys_call+0x1816/0x3000
[   42.396128][ T3968]  do_syscall_64+0xd2/0x200
[   42.396141][ T3968]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   42.396162][ T3968]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   42.396177][ T3968] RIP: 0033:0x7f176862efc9
[   42.396260][ T3968] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   42.396287][ T3968] RSP: 002b:00007f1767097038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   42.396306][ T3968] RAX: ffffffffffffffda RBX: 00007f1768885fa0 RCX: 00007f176862efc9
[   42.396320][ T3968] RDX: 00002000000000c0 RSI: 0000000000008914 RDI: 0000000000000004
[   42.396329][ T3968] RBP: 00007f1767097090 R08: 0000000000000000 R09: 0000000000000000
[   42.396338][ T3968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[   42.396366][ T3968] R13: 00007f1768886038 R14: 00007f1768885fa0 R15: 00007ffcff302578
[   42.396379][ T3968]  </TASK>
[   42.396413][ T3968] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[   42.975813][ T3977] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[   43.062833][ T3957] syz.2.151 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[   43.076993][ T3957] CPU: 0 UID: 0 PID: 3957 Comm: syz.2.151 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   43.077067][ T3957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   43.077127][ T3957] Call Trace:
[   43.077134][ T3957]  <TASK>
[   43.077143][ T3957]  __dump_stack+0x1d/0x30
[   43.077162][ T3957]  dump_stack_lvl+0xe8/0x140
[   43.077256][ T3957]  dump_stack+0x15/0x1b
[   43.077270][ T3957]  dump_header+0x81/0x220
[   43.077287][ T3957]  oom_kill_process+0x342/0x400
[   43.077519][ T3957]  out_of_memory+0x979/0xb80
[   43.077589][ T3957]  try_charge_memcg+0x610/0xa10
[   43.077681][ T3957]  obj_cgroup_charge_pages+0xa6/0x150
[   43.077699][ T3957]  __memcg_kmem_charge_page+0x9f/0x170
[   43.077770][ T3957]  __alloc_frozen_pages_noprof+0x188/0x360
[   43.077803][ T3957]  alloc_pages_mpol+0xb3/0x260
[   43.077822][ T3957]  alloc_pages_noprof+0x90/0x130
[   43.077844][ T3957]  __vmalloc_node_range_noprof+0x7a5/0xed0
[   43.077932][ T3957]  __kvmalloc_node_noprof+0x483/0x670
[   43.077958][ T3957]  ? ip_set_alloc+0x24/0x30
[   43.078059][ T3957]  ? ip_set_alloc+0x24/0x30
[   43.078127][ T3957]  ? __kmalloc_cache_noprof+0x249/0x4a0
[   43.078228][ T3957]  ip_set_alloc+0x24/0x30
[   43.078255][ T3957]  hash_netiface_create+0x282/0x740
[   43.078286][ T3957]  ? __pfx_hash_netiface_create+0x10/0x10
[   43.078317][ T3957]  ip_set_create+0x3cc/0x970
[   43.078339][ T3957]  ? __nla_parse+0x40/0x60
[   43.078427][ T3957]  nfnetlink_rcv_msg+0x4c6/0x590
[   43.078520][ T3957]  netlink_rcv_skb+0x123/0x220
[   43.078554][ T3957]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   43.078587][ T3957]  nfnetlink_rcv+0x167/0x16c0
[   43.078653][ T3957]  ? kmem_cache_free+0xe4/0x3d0
[   43.078680][ T3957]  ? __kfree_skb+0x109/0x150
[   43.078748][ T3957]  ? nlmon_xmit+0x4f/0x60
[   43.078768][ T3957]  ? consume_skb+0x49/0x150
[   43.078791][ T3957]  ? nlmon_xmit+0x4f/0x60
[   43.078814][ T3957]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   43.078908][ T3957]  ? __dev_queue_xmit+0x1200/0x2000
[   43.078937][ T3957]  ? __dev_queue_xmit+0x182/0x2000
[   43.078965][ T3957]  ? ref_tracker_free+0x37d/0x3e0
[   43.079065][ T3957]  ? __netlink_deliver_tap+0x4dc/0x500
[   43.079144][ T3957]  netlink_unicast+0x5c0/0x690
[   43.079169][ T3957]  netlink_sendmsg+0x58b/0x6b0
[   43.079196][ T3957]  ? __pfx_netlink_sendmsg+0x10/0x10
[   43.079244][ T3957]  __sock_sendmsg+0x145/0x180
[   43.079269][ T3957]  ____sys_sendmsg+0x31e/0x4e0
[   43.079376][ T3957]  ___sys_sendmsg+0x17b/0x1d0
[   43.079413][ T3957]  __x64_sys_sendmsg+0xd4/0x160
[   43.079497][ T3957]  x64_sys_call+0x191e/0x3000
[   43.079520][ T3957]  do_syscall_64+0xd2/0x200
[   43.079544][ T3957]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   43.079574][ T3957]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   43.079598][ T3957]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   43.079624][ T3957] RIP: 0033:0x7f1c9cffefc9
[   43.079639][ T3957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   43.079653][ T3957] RSP: 002b:00007f1c9ba5f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   43.079670][ T3957] RAX: ffffffffffffffda RBX: 00007f1c9d255fa0 RCX: 00007f1c9cffefc9
[   43.079683][ T3957] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000004
[   43.079696][ T3957] RBP: 00007f1c9d081f91 R08: 0000000000000000 R09: 0000000000000000
[   43.079708][ T3957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   43.079721][ T3957] R13: 00007f1c9d256038 R14: 00007f1c9d255fa0 R15: 00007fffe0c17a48
[   43.079772][ T3957]  </TASK>
[   43.416759][ T3957] memory: usage 307200kB, limit 307200kB, failcnt 153
[   43.423640][ T3957] memory+swap: usage 307892kB, limit 9007199254740988kB, failcnt 0
[   43.431562][ T3957] kmem: usage 307172kB, limit 9007199254740988kB, failcnt 0
[   43.438859][ T3957] Memory cgroup stats for /syz2:
[   43.439061][ T3957] cache 8192
[   43.447133][ T3957] rss 0
[   43.449888][ T3957] shmem 0
[   43.452802][ T3957] mapped_file 0
[   43.456233][ T3957] dirty 0
[   43.459157][ T3957] writeback 0
[   43.462518][ T3957] workingset_refault_anon 25
[   43.467075][ T3957] workingset_refault_file 128
[   43.471745][ T3957] swap 708608
[   43.475016][ T3957] swapcached 12288
[   43.478751][ T3957] pgpgin 15783
[   43.482101][ T3957] pgpgout 15776
[   43.485532][ T3957] pgfault 16612
[   43.488997][ T3957] pgmajfault 17
[   43.492436][ T3957] inactive_anon 12288
[   43.496389][ T3957] active_anon 0
[   43.499855][ T3957] inactive_file 12288
[   43.503828][ T3957] active_file 4096
[   43.507533][ T3957] unevictable 0
[   43.511048][ T3957] hierarchical_memory_limit 314572800
[   43.516406][ T3957] hierarchical_memsw_limit 9223372036854771712
[   43.522546][ T3957] total_cache 8192
[   43.526248][ T3957] total_rss 0
[   43.529533][ T3957] total_shmem 0
[   43.532964][ T3957] total_mapped_file 0
[   43.536914][ T3957] total_dirty 0
[   43.540354][ T3957] total_writeback 0
[   43.544163][ T3957] total_workingset_refault_anon 25
[   43.549303][ T3957] total_workingset_refault_file 128
[   43.554487][ T3957] total_swap 708608
[   43.558278][ T3957] total_swapcached 12288
[   43.562566][ T3957] total_pgpgin 15783
[   43.566453][ T3957] total_pgpgout 15776
[   43.570467][ T3957] total_pgfault 16612
[   43.570696][   T29] kauditd_printk_skb: 104 callbacks suppressed
[   43.570708][   T29] audit: type=1400 audit(1761195057.197:13381): avc:  denied  { name_bind } for  pid=3983 comm="syz.4.160" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[   43.574430][ T3957] total_pgmajfault 17
[   43.574438][ T3957] total_inactive_anon 12288
[   43.574446][ T3957] total_active_anon 0
[   43.614602][ T3957] total_inactive_file 12288
[   43.619161][ T3957] total_active_file 4096
[   43.623381][ T3957] total_unevictable 0
[   43.627351][ T3957] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.151,pid=3956,uid=0
[   43.641857][ T3957] Memory cgroup out of memory: Killed process 3956 (syz.2.151) total-vm:96004kB, anon-rss:1264kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[   43.823174][   T29] audit: type=1400 audit(1761195057.397:13382): avc:  denied  { execmem } for  pid=3989 comm="syz.3.163" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   43.867026][ T3992] loop1: detected capacity change from 0 to 1024
[   43.891223][ T3992] EXT4-fs: Ignoring removed orlov option
[   43.910843][ T3992] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   44.481729][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.498208][ T4000] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   44.505622][ T4000] batman_adv: batadv0: Removing interface: batadv_slave_0
[   44.513106][   T29] audit: type=1400 audit(1761195058.117:13383): avc:  denied  { write } for  pid=3999 comm="syz.4.165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=perf_event permissive=1
[   44.514655][ T3977] Cannot find add_set index 0 as target
[   44.538581][ T4000] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   44.545951][ T4000] batman_adv: batadv0: Removing interface: batadv_slave_1
[   44.564131][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   44.579851][   T29] audit: type=1400 audit(1761195058.207:13384): avc:  denied  { write } for  pid=3999 comm="syz.4.165" name="softnet_stat" dev="proc" ino=4026532517 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   44.613173][   T29] audit: type=1400 audit(1761195058.237:13385): avc:  denied  { allowed } for  pid=3999 comm="syz.4.165" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   44.645907][   T29] audit: type=1400 audit(1761195058.267:13386): avc:  denied  { create } for  pid=4004 comm="syz.2.166" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   44.672929][   T29] audit: type=1326 audit(1761195058.287:13387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4005 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf637defc9 code=0x7ffc0000
[   44.696464][   T29] audit: type=1326 audit(1761195058.287:13388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4005 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf637defc9 code=0x7ffc0000
[   44.720060][   T29] audit: type=1326 audit(1761195058.287:13389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4005 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbf637defc9 code=0x7ffc0000
[   44.743467][   T29] audit: type=1326 audit(1761195058.287:13390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4005 comm="syz.0.167" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf637defc9 code=0x7ffc0000
[   44.783502][ T4021] pimreg: entered allmulticast mode
[   44.828026][ T4016] __nla_validate_parse: 6 callbacks suppressed
[   44.828038][ T4016] netlink: 32 bytes leftover after parsing attributes in process `syz.1.168'.
[   44.846926][ T3388] IPVS: starting estimator thread 0...
[   44.891042][ T4028] loop4: detected capacity change from 0 to 1024
[   44.913027][ T4028] EXT4-fs: Ignoring removed bh option
[   44.930200][ T4028] EXT4-fs: inline encryption not supported
[   44.936141][ T4023] loop0: detected capacity change from 0 to 32768
[   44.944723][ T4028] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   44.958430][ T4026] IPVS: using max 2688 ests per chain, 134400 per kthread
[   44.969388][ T4028] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c84ce018, mo2=0000]
[   44.978489][ T4028] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 2: comm syz.4.174: lblock 2 mapped to illegal pblock 2 (length 1)
[   44.992592][ T4023]  loop0: p1 p2 p3 < > p4 < p5 p6 >
[   44.992560][ T4028] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 48: comm syz.4.174: lblock 0 mapped to illegal pblock 48 (length 1)
[   45.000094][ T4023] loop0: p1 start 460800 is beyond EOD, truncated
[   45.018220][ T4023] loop0: p2 size 83886080 extends beyond EOD, truncated
[   45.025970][ T4028] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.174: Failed to acquire dquot type 0
[   45.038966][ T4023] loop0: p5 start 460800 is beyond EOD, truncated
[   45.045399][ T4023] loop0: p6 size 83886080 extends beyond EOD, truncated
[   45.052517][ T4028] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem
[   45.062039][ T4028] EXT4-fs error (device loop4): ext4_evict_inode:254: inode #11: comm syz.4.174: mark_inode_dirty error
[   45.093928][ T4028] EXT4-fs warning (device loop4): ext4_evict_inode:257: couldn't mark inode dirty (err -117)
[   45.108479][ T4028] EXT4-fs (loop4): 1 orphan inode deleted
[   45.116915][ T4028] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.130505][   T12] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm kworker/u8:0: lblock 1 mapped to illegal pblock 1 (length 1)
[   45.156893][   T12] EXT4-fs error (device loop4): ext4_release_dquot:6981: comm kworker/u8:0: Failed to release dquot type 0
[   45.157954][ T4031] loop0: detected capacity change from 0 to 1024
[   45.175188][ T4031] EXT4-fs: Ignoring removed orlov option
[   45.178463][ T4028] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #3: block 1: comm syz.4.174: lblock 1 mapped to illegal pblock 1 (length 1)
[   45.196907][ T4031] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   45.229153][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.238461][ T3318] EXT4-fs error (device loop4): __ext4_get_inode_loc:4832: comm syz-executor: Invalid inode table block 1 in block_group 0
[   45.252597][ T3318] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6313: Corrupt filesystem
[   45.262694][ T3318] EXT4-fs error (device loop4): ext4_quota_off:7229: inode #3: comm syz-executor: mark_inode_dirty error
[   45.295499][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.303319][ T4036] loop4: detected capacity change from 0 to 512
[   45.317640][ T4036] EXT4-fs (loop4): orphan cleanup on readonly fs
[   45.361721][ T4036] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.176: EA inode hash validation failed
[   45.374445][ T4036] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #15: comm syz.4.176: corrupted inode contents
[   45.386718][ T4036] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #15: comm syz.4.176: mark_inode_dirty error
[   45.398555][ T4036] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #15: comm syz.4.176: corrupted inode contents
[   45.415990][ T4036] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2996: inode #15: comm syz.4.176: mark_inode_dirty error
[   45.428237][ T4036] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2999: inode #15: comm syz.4.176: mark inode dirty (error -117)
[   45.441065][ T4036] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117)
[   45.450181][ T4036] EXT4-fs (loop4): 1 orphan inode deleted
[   45.456280][ T4036] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   45.573991][ T4053] pimreg: entered allmulticast mode
[   45.595805][ T4047] netlink: 32 bytes leftover after parsing attributes in process `syz.0.181'.
[   45.620489][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   45.867637][ T4057] loop2: detected capacity change from 0 to 8192
[   45.885514][ T4057] Option 'Í'M•O§±' to dns_resolver key: bad/missing value
[   46.114036][ T4065] netlink: 12 bytes leftover after parsing attributes in process `syz.4.187'.
[   46.218794][ T4067] capability: warning: `syz.3.188' uses deprecated v2 capabilities in a way that may be insecure
[   46.240116][ T4068] mmap: syz.4.187 (4068) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   46.303127][ T4070] loop3: detected capacity change from 0 to 1024
[   46.303680][ T4070] EXT4-fs: Ignoring removed orlov option
[   46.326848][ T4070] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   46.455477][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.456815][ T4078] pim6reg1: entered promiscuous mode
[   46.470295][ T4078] pim6reg1: entered allmulticast mode
[   46.529142][ T4082] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   46.529153][ T4082] IPv6: NLM_F_CREATE should be set when creating new route
[   46.529232][ T4082] IPv6: NLM_F_CREATE should be set when creating new route
[   46.529240][ T4082] IPv6: NLM_F_CREATE should be set when creating new route
[   46.529314][ T4082] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   46.559140][ T4085] netlink: 32 bytes leftover after parsing attributes in process `syz.3.193'.
[   46.586005][ T3415] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x4
[   46.606727][ T3415] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x2
[   46.626804][ T3415] hid-generic 0000:3000000:0000.0004: unknown main item tag 0x3
[   46.636647][ T3415] hid-generic 0000:3000000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   46.660345][ T4091] loop4: detected capacity change from 0 to 1024
[   46.667282][ T4091] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   46.679037][ T4091] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   46.687091][ T4091] EXT4-fs (loop4): orphan cleanup on readonly fs
[   46.693695][ T4091] EXT4-fs error (device loop4): ext4_free_blocks:6706: comm syz.4.198: Freeing blocks not in datazone - block = 0, count = 4096
[   46.707107][ T4091] EXT4-fs (loop4): 1 orphan inode deleted
[   46.713714][ T4091] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   46.759688][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   46.787918][ T4099] loop4: detected capacity change from 0 to 1024
[   46.794908][ T4099] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   46.849858][ T4099] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   46.858321][ T4099] EXT4-fs (loop4): orphan cleanup on readonly fs
[   47.741445][ T4099] EXT4-fs error (device loop4): ext4_free_blocks:6706: comm syz.4.200: Freeing blocks not in datazone - block = 0, count = 4096
[   47.763962][ T4099] EXT4-fs (loop4): 1 orphan inode deleted
[   47.777272][ T4099] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   47.987272][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   48.007311][ T4110] loop3: detected capacity change from 0 to 1024
[   48.155051][ T4110] EXT4-fs: Ignoring removed nomblk_io_submit option
[   48.161799][ T4110] EXT4-fs: Ignoring removed orlov option
[   48.167449][ T4110] ext2: Bad value for 'mb_optimize_scan'
[   48.524619][ T4116] loop2: detected capacity change from 0 to 1024
[   48.531441][ T4116] EXT4-fs: Ignoring removed orlov option
[   48.566997][ T4116] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   48.865785][   T29] kauditd_printk_skb: 69 callbacks suppressed
[   48.865798][   T29] audit: type=1400 audit(1761195062.487:13456): avc:  denied  { write } for  pid=4132 comm="syz.3.207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   48.937869][ T4138] loop0: detected capacity change from 0 to 512
[   48.953015][   T29] audit: type=1400 audit(1761195062.577:13457): avc:  denied  { ioctl } for  pid=4132 comm="syz.3.207" path="socket:[6800]" dev="sockfs" ino=6800 ioctlcmd=0x45e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   48.988200][ T4138] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   49.001256][ T4138] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   49.050090][ T4142] loop4: detected capacity change from 0 to 1024
[   49.071192][ T4142] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   49.098074][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.112671][ T4138] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   49.127163][ T4142] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   49.147108][ T4142] EXT4-fs (loop4): orphan cleanup on readonly fs
[   49.155506][ T4138] EXT4-fs (loop0): 1 truncate cleaned up
[   49.165878][ T4148] loop2: detected capacity change from 0 to 164
[   49.172427][ T4142] EXT4-fs error (device loop4): ext4_free_blocks:6706: comm syz.4.211: Freeing blocks not in datazone - block = 0, count = 4096
[   49.186216][ T4138] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   49.199426][ T4148] Unable to read rock-ridge attributes
[   49.205091][ T4142] EXT4-fs (loop4): 1 orphan inode deleted
[   49.215157][   T29] audit: type=1400 audit(1761195062.837:13458): avc:  denied  { mount } for  pid=4147 comm="syz.2.212" name="/" dev="loop2" ino=1792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:iso9660_t tclass=filesystem permissive=1
[   49.243543][ T4148] Unable to read rock-ridge attributes
[   49.250685][ T4142] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   49.265902][ T4138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.209'.
[   49.291254][   T29] audit: type=1400 audit(1761195062.867:13459): avc:  denied  { remove_name } for  pid=4137 comm="syz.0.209" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[   49.313886][   T29] audit: type=1400 audit(1761195062.867:13460): avc:  denied  { rename } for  pid=4137 comm="syz.0.209" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   49.336653][   T29] audit: type=1400 audit(1761195062.867:13461): avc:  denied  { unlink } for  pid=4137 comm="syz.0.209" name="file2" dev="loop0" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   49.358908][   T29] audit: type=1400 audit(1761195062.887:13462): avc:  denied  { create } for  pid=4137 comm="syz.0.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   49.379100][   T29] audit: type=1400 audit(1761195062.887:13463): avc:  denied  { write } for  pid=4137 comm="syz.0.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   49.399165][   T29] audit: type=1400 audit(1761195062.887:13464): avc:  denied  { nlmsg_write } for  pid=4137 comm="syz.0.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   49.419827][   T29] audit: type=1400 audit(1761195062.887:13465): avc:  denied  { read } for  pid=4137 comm="syz.0.209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   49.444548][ T4149] smc: net device bond0 applied user defined pnetid SYZ0
[   49.452115][ T4149] smc: net device bond0 erased user defined pnetid SYZ0
[   49.459891][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.481501][ T4151] loop4: detected capacity change from 0 to 164
[   49.489175][ T4151] Unable to read rock-ridge attributes
[   49.495284][ T4151] Unable to read rock-ridge attributes
[   49.521642][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   49.553299][ T4154] smc: net device bond0 applied user defined pnetid SYZ0
[   50.185353][ T4164] loop1: detected capacity change from 0 to 4096
[   50.218941][ T4164] netlink: 'syz.1.218': attribute type 6 has an invalid length.
[   50.244452][ T4170] loop3: detected capacity change from 0 to 4096
[   50.263888][ T4172] loop4: detected capacity change from 0 to 1024
[   50.309030][ T4172] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[   50.332316][ T4172] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[   50.343285][ T4172] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[   50.374539][ T4172] JBD2: no valid journal superblock found
[   50.380376][ T4172] EXT4-fs (loop4): Could not load journal inode
[   50.487369][ T4186] netlink: 168 bytes leftover after parsing attributes in process `syz.0.226'.
[   50.575701][ T4189] loop0: detected capacity change from 0 to 164
[   50.583361][ T4189] Unable to read rock-ridge attributes
[   50.611780][ T4189] Unable to read rock-ridge attributes
[   50.687559][ T4191] loop3: detected capacity change from 0 to 1024
[   50.695003][ T4191] EXT4-fs: Ignoring removed orlov option
[   50.705326][ T4191] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   51.037199][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   51.110121][ T4202] loop0: detected capacity change from 0 to 164
[   51.128732][ T4202] Unable to read rock-ridge attributes
[   51.133374][ T4211] loop3: detected capacity change from 0 to 1024
[   51.135169][ T4202] Unable to read rock-ridge attributes
[   51.147329][ T4211] EXT4-fs: Ignoring removed orlov option
[   51.153077][ T4211] EXT4-fs: Ignoring removed nomblk_io_submit option
[   51.170314][ T4211] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   51.182386][ T4214] netlink: 32 bytes leftover after parsing attributes in process `syz.1.234'.
[   51.213183][ T4217] smc: net device bond0 erased user defined pnetid SYZ0
[   51.325123][ T4220] loop2: detected capacity change from 0 to 4096
[   51.372950][ T2093] Bluetooth: hci0: Frame reassembly failed (-84)
[   51.460967][ T4225] netlink: 'syz.2.236': attribute type 6 has an invalid length.
[   51.590858][ T4227] loop2: detected capacity change from 0 to 128
[   51.597539][ T4227] FAT-fs (loop2): bogus number of reserved sectors
[   51.604118][ T4227] FAT-fs (loop2): Can't find a valid FAT filesystem
[   51.641818][ T4229] loop2: detected capacity change from 0 to 4096
[   51.656767][ T4229] netlink: 'syz.2.239': attribute type 6 has an invalid length.
[   51.699164][ T4231] loop2: detected capacity change from 0 to 4096
[   51.784693][ T4210] syz.3.235 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[   51.795604][ T4210] CPU: 0 UID: 0 PID: 4210 Comm: syz.3.235 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   51.795630][ T4210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   51.795700][ T4210] Call Trace:
[   51.795714][ T4210]  <TASK>
[   51.795721][ T4210]  __dump_stack+0x1d/0x30
[   51.795743][ T4210]  dump_stack_lvl+0xe8/0x140
[   51.795762][ T4210]  dump_stack+0x15/0x1b
[   51.795780][ T4210]  dump_header+0x81/0x220
[   51.795855][ T4210]  oom_kill_process+0x342/0x400
[   51.795919][ T4210]  out_of_memory+0x979/0xb80
[   51.796023][ T4210]  try_charge_memcg+0x610/0xa10
[   51.796053][ T4210]  charge_memcg+0x51/0xc0
[   51.796072][ T4210]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[   51.796093][ T4210]  __read_swap_cache_async+0x17b/0x2d0
[   51.796168][ T4210]  swap_cluster_readahead+0x262/0x3c0
[   51.796191][ T4210]  swapin_readahead+0xde/0x6f0
[   51.796208][ T4210]  ? css_rstat_updated+0xb7/0x240
[   51.796283][ T4210]  ? __rcu_read_unlock+0x4f/0x70
[   51.796306][ T4210]  ? __rcu_read_unlock+0x4f/0x70
[   51.796324][ T4210]  ? swap_cache_get_folio+0x277/0x280
[   51.796341][ T4210]  do_swap_page+0x2ae/0x2370
[   51.796361][ T4210]  ? _raw_spin_unlock+0x26/0x50
[   51.796453][ T4210]  ? finish_task_switch+0xad/0x2b0
[   51.796482][ T4210]  ? __pfx_default_wake_function+0x10/0x10
[   51.796508][ T4210]  handle_mm_fault+0x9a5/0x2be0
[   51.796533][ T4210]  ? vma_start_read+0x141/0x1f0
[   51.796561][ T4210]  do_user_addr_fault+0x630/0x1080
[   51.796578][ T4210]  ? fpregs_restore_userregs+0xe2/0x1d0
[   51.796671][ T4210]  ? switch_fpu_return+0xe/0x20
[   51.796772][ T4210]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   51.796796][ T4210]  exc_page_fault+0x62/0xa0
[   51.796844][ T4210]  asm_exc_page_fault+0x26/0x30
[   51.796859][ T4210] RIP: 0033:0x7f7aacd358c8
[   51.796872][ T4210] Code: 48 f7 f1 48 01 d8 49 39 c4 4c 0f 42 e0 83 3d fa 24 38 00 00 0f 8e 09 fe ff ff e8 f3 9b fe ff 49 39 c4 72 66 66 0f 1f 44 00 00 <69> 3d c6 fd ea 00 e8 03 00 00 48 8d 1d c7 06 38 00 e8 42 96 12 00
[   51.796929][ T4210] RSP: 002b:00007ffd0040d390 EFLAGS: 00010202
[   51.796945][ T4210] RAX: 000000000000ca01 RBX: 00007f7aad0b7da0 RCX: 000000000000c738
[   51.796957][ T4210] RDX: 00000000000002c9 RSI: 00007ffd0040d370 RDI: 0000000000000001
[   51.796969][ T4210] RBP: 00007f7aad0b7da0 R08: 000000002a8c14d3 R09: 7fffffffffffffff
[   51.796982][ T4210] R10: 3fffffffffffffff R11: 0000000000000293 R12: 000000000000cae7
[   51.796994][ T4210] R13: 00007f7aad0b6090 R14: ffffffffffffffff R15: 00007ffd0040d4a0
[   51.797009][ T4210]  </TASK>
[   51.797015][ T4210] memory: usage 307200kB, limit 307200kB, failcnt 344
[   51.815258][ T4233] netlink: 'syz.2.240': attribute type 6 has an invalid length.
[   51.816736][ T4210] memory+swap: usage 308088kB, limit 9007199254740988kB, failcnt 0
[   52.056800][ T4210] kmem: usage 307188kB, limit 9007199254740988kB, failcnt 0
[   52.064144][ T4210] Memory cgroup stats for /syz3:
[   52.064332][ T4210] cache 8192
[   52.072479][ T4210] rss 0
[   52.075215][ T4210] shmem 0
[   52.078130][ T4210] mapped_file 0
[   52.081576][ T4210] dirty 0
[   52.084561][ T4210] writeback 0
[   52.087817][ T4210] workingset_refault_anon 2886
[   52.092563][ T4210] workingset_refault_file 384
[   52.097212][ T4210] swap 921600
[   52.100487][ T4210] swapcached 0
[   52.103883][ T4210] pgpgin 30269
[   52.107226][ T4210] pgpgout 30266
[   52.110670][ T4210] pgfault 35475
[   52.114101][ T4210] pgmajfault 382
[   52.117693][ T4210] inactive_anon 0
[   52.121395][ T4210] active_anon 0
[   52.124869][ T4210] inactive_file 12288
[   52.128842][ T4210] active_file 0
[   52.132274][ T4210] unevictable 0
[   52.135715][ T4210] hierarchical_memory_limit 314572800
[   52.141129][ T4210] hierarchical_memsw_limit 9223372036854771712
[   52.147296][ T4210] total_cache 8192
[   52.151047][ T4210] total_rss 0
[   52.154347][ T4210] total_shmem 0
[   52.157777][ T4210] total_mapped_file 0
[   52.161809][ T4210] total_dirty 0
[   52.165240][ T4210] total_writeback 0
[   52.169029][ T4210] total_workingset_refault_anon 2886
[   52.174285][ T4210] total_workingset_refault_file 384
[   52.179467][ T4210] total_swap 921600
[   52.183243][ T4210] total_swapcached 0
[   52.187106][ T4210] total_pgpgin 30269
[   52.190982][ T4210] total_pgpgout 30266
[   52.194967][ T4210] total_pgfault 35475
[   52.198938][ T4210] total_pgmajfault 382
[   52.203046][ T4210] total_inactive_anon 0
[   52.207171][ T4210] total_active_anon 0
[   52.211137][ T4210] total_inactive_file 12288
[   52.215610][ T4210] total_active_file 0
[   52.219619][ T4210] total_unevictable 0
[   52.223571][ T4210] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.235,pid=4210,uid=0
[   52.238013][ T4210] Memory cgroup out of memory: Killed process 4210 (syz.3.235) total-vm:96004kB, anon-rss:1136kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[   52.316777][ T4239] loop0: detected capacity change from 0 to 4096
[   52.325718][ T4241] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   52.331016][ T4237] loop2: detected capacity change from 0 to 164
[   52.359449][ T4237] Unable to read rock-ridge attributes
[   52.365287][ T4237] Unable to read rock-ridge attributes
[   52.415503][ T4246] netlink: 64 bytes leftover after parsing attributes in process `syz.1.246'.
[   52.444977][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   52.535837][ T4258] loop1: detected capacity change from 0 to 512
[   52.674648][ T4264] netlink: 12 bytes leftover after parsing attributes in process `syz.1.253'.
[   52.683571][ T4264] tipc: Started in network mode
[   52.688490][ T4264] tipc: Node identity 7, cluster identity 4711
[   52.694633][ T4264] tipc: Node number set to 7
[   52.756409][ T4274] netlink: 'syz.1.256': attribute type 13 has an invalid length.
[   52.798941][ T4274] bridge0: port 2(bridge_slave_1) entered disabled state
[   52.806121][ T4274] bridge0: port 1(bridge_slave_0) entered disabled state
[   52.845841][ T4279] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   52.967808][ T4272] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[   52.975900][ T2093] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   52.990636][   T12] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   53.014252][   T12] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   53.023679][   T12] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   53.060138][ T4293] loop1: detected capacity change from 0 to 1024
[   53.067589][ T4293] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   53.080551][ T4290] netlink: 12 bytes leftover after parsing attributes in process `+}[@'.
[   53.098780][ T4293] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   53.118044][ T4293] EXT4-fs (loop1): orphan cleanup on readonly fs
[   53.124574][ T4298] loop2: detected capacity change from 0 to 4096
[   53.128097][ T4300] netlink: 14 bytes leftover after parsing attributes in process `syz.3.264'.
[   53.136472][ T4293] EXT4-fs error (device loop1): ext4_free_blocks:6706: comm syz.1.262: Freeing blocks not in datazone - block = 0, count = 4096
[   53.156398][ T4293] EXT4-fs (loop1): 1 orphan inode deleted
[   53.211581][ T4307] loop3: detected capacity change from 0 to 1024
[   53.223613][ T4307] EXT4-fs: Ignoring removed orlov option
[   53.229391][ T4307] EXT4-fs: Ignoring removed nomblk_io_submit option
[   53.274531][ T4313] pim6reg1: entered promiscuous mode
[   53.279948][ T4313] pim6reg1: entered allmulticast mode
[   53.399156][ T3563] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   54.021823][ T4307] syz.3.267 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[   54.035845][ T4307] CPU: 1 UID: 0 PID: 4307 Comm: syz.3.267 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   54.035873][ T4307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   54.035883][ T4307] Call Trace:
[   54.035888][ T4307]  <TASK>
[   54.035894][ T4307]  __dump_stack+0x1d/0x30
[   54.035917][ T4307]  dump_stack_lvl+0xe8/0x140
[   54.035939][ T4307]  dump_stack+0x15/0x1b
[   54.035954][ T4307]  dump_header+0x81/0x220
[   54.035969][ T4307]  oom_kill_process+0x342/0x400
[   54.036022][ T4307]  out_of_memory+0x979/0xb80
[   54.036052][ T4307]  try_charge_memcg+0x610/0xa10
[   54.036078][ T4307]  obj_cgroup_charge_pages+0xa6/0x150
[   54.036099][ T4307]  __memcg_kmem_charge_page+0x9f/0x170
[   54.036168][ T4307]  __alloc_frozen_pages_noprof+0x188/0x360
[   54.036203][ T4307]  alloc_pages_mpol+0xb3/0x260
[   54.036219][ T4307]  ? alloc_pages_noprof+0xf4/0x130
[   54.036315][ T4307]  alloc_pages_noprof+0x90/0x130
[   54.036338][ T4307]  __vmalloc_node_range_noprof+0x7a5/0xed0
[   54.036374][ T4307]  __kvmalloc_node_noprof+0x483/0x670
[   54.036488][ T4307]  ? ip_set_alloc+0x24/0x30
[   54.036516][ T4307]  ? ip_set_alloc+0x24/0x30
[   54.036544][ T4307]  ? __kmalloc_cache_noprof+0x249/0x4a0
[   54.036575][ T4307]  ip_set_alloc+0x24/0x30
[   54.036643][ T4307]  hash_netiface_create+0x282/0x740
[   54.036674][ T4307]  ? __pfx_hash_netiface_create+0x10/0x10
[   54.036698][ T4307]  ip_set_create+0x3cc/0x970
[   54.036720][ T4307]  ? __nla_parse+0x40/0x60
[   54.036791][ T4307]  nfnetlink_rcv_msg+0x4c6/0x590
[   54.036832][ T4307]  netlink_rcv_skb+0x123/0x220
[   54.036855][ T4307]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   54.036942][ T4307]  nfnetlink_rcv+0x167/0x16c0
[   54.036981][ T4307]  ? kmem_cache_free+0xe4/0x3d0
[   54.037005][ T4307]  ? __kfree_skb+0x109/0x150
[   54.037029][ T4307]  ? nlmon_xmit+0x4f/0x60
[   54.037106][ T4307]  ? consume_skb+0x49/0x150
[   54.037139][ T4307]  ? nlmon_xmit+0x4f/0x60
[   54.037190][ T4307]  ? dev_hard_start_xmit+0x3b0/0x3e0
[   54.037222][ T4307]  ? __dev_queue_xmit+0x1200/0x2000
[   54.037283][ T4307]  ? __dev_queue_xmit+0x182/0x2000
[   54.037316][ T4307]  ? ref_tracker_free+0x37d/0x3e0
[   54.037355][ T4307]  ? __netlink_deliver_tap+0x4dc/0x500
[   54.037485][ T4307]  netlink_unicast+0x5c0/0x690
[   54.037590][ T4307]  netlink_sendmsg+0x58b/0x6b0
[   54.037618][ T4307]  ? __pfx_netlink_sendmsg+0x10/0x10
[   54.037661][ T4307]  __sock_sendmsg+0x145/0x180
[   54.037686][ T4307]  ____sys_sendmsg+0x31e/0x4e0
[   54.037769][ T4307]  ___sys_sendmsg+0x17b/0x1d0
[   54.037856][ T4307]  __x64_sys_sendmsg+0xd4/0x160
[   54.037891][ T4307]  x64_sys_call+0x191e/0x3000
[   54.037962][ T4307]  do_syscall_64+0xd2/0x200
[   54.037977][ T4307]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   54.038003][ T4307]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   54.038030][ T4307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   54.038118][ T4307] RIP: 0033:0x7f7aace5efc9
[   54.038132][ T4307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   54.038152][ T4307] RSP: 002b:00007f7aab8bf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   54.038168][ T4307] RAX: ffffffffffffffda RBX: 00007f7aad0b5fa0 RCX: 00007f7aace5efc9
[   54.038180][ T4307] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000004
[   54.038194][ T4307] RBP: 00007f7aacee1f91 R08: 0000000000000000 R09: 0000000000000000
[   54.038207][ T4307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   54.038220][ T4307] R13: 00007f7aad0b6038 R14: 00007f7aad0b5fa0 R15: 00007ffd0040d228
[   54.038314][ T4307]  </TASK>
[   54.038319][ T4307] memory: usage 307200kB, limit 307200kB, failcnt 599
[   54.161404][ T4328] loop0: detected capacity change from 0 to 1024
[   54.163140][ T4307] memory+swap: usage 308072kB, limit 9007199254740988kB, failcnt 0
[   54.169486][ T4328] EXT4-fs: Ignoring removed orlov option
[   54.173484][ T4307] kmem: usage 307132kB, limit 9007199254740988kB, failcnt 0
[   54.415884][ T4307] Memory cgroup stats for /syz3:
[   54.416594][ T4307] cache 36864
[   54.424851][ T4307] rss 8192
[   54.427868][ T4307] shmem 0
[   54.430838][ T4307] mapped_file 0
[   54.434280][ T4307] dirty 0
[   54.437292][ T4307] writeback 0
[   54.440598][ T4307] workingset_refault_anon 2925
[   54.445351][ T4307] workingset_refault_file 925
[   54.450021][ T4307] swap 892928
[   54.453303][ T4307] swapcached 28672
[   54.456993][ T4307] pgpgin 32480
[   54.460349][ T4307] pgpgout 32463
[   54.463777][ T4307] pgfault 37583
[   54.467206][ T4307] pgmajfault 403
[   54.470736][ T4307] inactive_anon 28672
[   54.474721][ T4307] active_anon 0
[   54.478148][ T4307] inactive_file 24576
[   54.482117][ T4307] active_file 16384
[   54.485969][ T4307] unevictable 0
[   54.489495][ T4307] hierarchical_memory_limit 314572800
[   54.492809][ T4330] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -14123, delta: 1
[   54.494842][ T4307] hierarchical_memsw_limit 9223372036854771712
[   54.494852][ T4307] total_cache 36864
[   54.494860][ T4307] total_rss 8192
[   54.503534][ T4330] ref_ctr increment failed for inode: 0x155 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff888104186d40
[   54.509657][ T4307] total_shmem 0
[   54.509667][ T4307] total_mapped_file 0
[   54.535505][ T4307] total_dirty 0
[   54.539027][ T4307] total_writeback 0
[   54.542803][ T4307] total_workingset_refault_anon 2925
[   54.548051][ T4307] total_workingset_refault_file 925
[   54.553229][ T4307] total_swap 892928
[   54.557004][ T4307] total_swapcached 28672
[   54.561232][ T4307] total_pgpgin 32480
[   54.565096][ T4307] total_pgpgout 32463
[   54.569059][ T4307] total_pgfault 37583
[   54.573012][ T4307] total_pgmajfault 403
[   54.577061][ T4307] total_inactive_anon 28672
[   54.581573][ T4307] total_active_anon 0
[   54.585523][ T4307] total_inactive_file 24576
[   54.590007][ T4307] total_active_file 16384
[   54.594302][ T4307] total_unevictable 0
[   54.598253][ T4307] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.267,pid=4305,uid=0
[   54.612932][ T4307] Memory cgroup out of memory: Killed process 4305 (syz.3.267) total-vm:93956kB, anon-rss:1136kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[   54.640269][   T29] kauditd_printk_skb: 134 callbacks suppressed
[   54.640279][   T29] audit: type=1400 audit(1761195068.267:13600): avc:  denied  { sqpoll } for  pid=4325 comm="syz.4.272" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   54.687514][ T4333] loop2: detected capacity change from 0 to 1024
[   54.707888][ T4333] EXT4-fs: Ignoring removed orlov option
[   54.709072][    C1] hrtimer: interrupt took 52358 ns
[   54.713704][ T4333] EXT4-fs: Ignoring removed nomblk_io_submit option
[   54.731838][ T4325] ref_ctr going negative. vaddr: 0x200000ffd002, curr val: -14123, delta: -1
[   54.740623][ T4325] ref_ctr decrement failed for inode: 0x155 offset: 0x5 ref_ctr_offset: 0x2 of mm: 0xffff888104186d40
[   54.751659][ T4325] uprobe: syz.4.272:4325 failed to unregister, leaking uprobe
[   54.836429][   T29] audit: type=1326 audit(1761195068.457:13601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4332 comm="syz.2.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9cffefc9 code=0x7ffc0000
[   54.859840][   T29] audit: type=1326 audit(1761195068.457:13602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4332 comm="syz.2.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f1c9cffefc9 code=0x7ffc0000
[   54.883278][   T29] audit: type=1326 audit(1761195068.457:13603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4332 comm="syz.2.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9cffefc9 code=0x7ffc0000
[   54.906699][   T29] audit: type=1326 audit(1761195068.457:13604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4332 comm="syz.2.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f1c9cffefc9 code=0x7ffc0000
[   54.930051][   T29] audit: type=1326 audit(1761195068.457:13605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4332 comm="syz.2.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9cffefc9 code=0x7ffc0000
[   54.953648][   T29] audit: type=1326 audit(1761195068.457:13606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4332 comm="syz.2.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f1c9cffefc9 code=0x7ffc0000
[   54.977042][   T29] audit: type=1326 audit(1761195068.457:13607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4332 comm="syz.2.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[   55.000680][   T29] audit: type=1326 audit(1761195068.457:13608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4332 comm="syz.2.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9cffefc9 code=0x7ffc0000
[   55.024161][   T29] audit: type=1326 audit(1761195068.457:13609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4332 comm="syz.2.275" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1c9cffefc9 code=0x7ffc0000
[   55.107526][   T23] hid-generic 0000:3000000:0000.0005: unknown main item tag 0x4
[   55.115339][   T23] hid-generic 0000:3000000:0000.0005: unknown main item tag 0x2
[   55.125280][   T23] hid-generic 0000:3000000:0000.0005: unknown main item tag 0x3
[   55.148679][   T23] hid-generic 0000:3000000:0000.0005: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   55.169291][ T4343] 9pnet_fd: Insufficient options for proto=fd
[   55.182952][ T4349] loop0: detected capacity change from 0 to 164
[   55.190231][ T4349] Unable to read rock-ridge attributes
[   55.196208][ T4349] Unable to read rock-ridge attributes
[   55.242489][ T4358] loop0: detected capacity change from 0 to 512
[   55.262210][ T4358] ext4 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   55.289264][ T4360] loop4: detected capacity change from 0 to 8192
[   55.476192][ T4368] loop0: detected capacity change from 0 to 1024
[   55.506832][ T4368] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   55.521346][ T4364] loop3: detected capacity change from 0 to 32768
[   55.528760][ T4368] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   55.536871][ T4368] EXT4-fs (loop0): orphan cleanup on readonly fs
[   55.547764][ T4368] EXT4-fs error (device loop0): ext4_free_blocks:6706: comm syz.0.284: Freeing blocks not in datazone - block = 0, count = 4096
[   55.561572][ T4368] EXT4-fs (loop0): 1 orphan inode deleted
[   55.567380][ T4364]  loop3: p1 p2 p3 < > p4 < p5 p6 >
[   55.572729][ T4364] loop3: p1 start 460800 is beyond EOD, truncated
[   55.579199][ T4364] loop3: p2 size 83886080 extends beyond EOD, truncated
[   55.588272][ T4364] loop3: p5 start 460800 is beyond EOD, truncated
[   55.594773][ T4364] loop3: p6 size 83886080 extends beyond EOD, truncated
[   55.737195][ T4373] FAULT_INJECTION: forcing a failure.
[   55.737195][ T4373] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   55.750339][ T4373] CPU: 1 UID: 0 PID: 4373 Comm: syz.3.286 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   55.750411][ T4373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   55.750421][ T4373] Call Trace:
[   55.750426][ T4373]  <TASK>
[   55.750432][ T4373]  __dump_stack+0x1d/0x30
[   55.750450][ T4373]  dump_stack_lvl+0xe8/0x140
[   55.750466][ T4373]  dump_stack+0x15/0x1b
[   55.750482][ T4373]  should_fail_ex+0x265/0x280
[   55.750564][ T4373]  should_fail+0xb/0x20
[   55.750577][ T4373]  should_fail_usercopy+0x1a/0x20
[   55.750593][ T4373]  strncpy_from_user+0x25/0x230
[   55.750623][ T4373]  ? __kmalloc_cache_noprof+0x249/0x4a0
[   55.750649][ T4373]  getname_flags+0x230/0x3b0
[   55.750678][ T4373]  user_path_at+0x28/0x130
[   55.750759][ T4373]  vfs_open_tree+0x19c/0x530
[   55.750792][ T4373]  __x64_sys_open_tree+0x45/0xc0
[   55.750814][ T4373]  x64_sys_call+0x2a8b/0x3000
[   55.750861][ T4373]  do_syscall_64+0xd2/0x200
[   55.750879][ T4373]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   55.750904][ T4373]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   55.750996][ T4373]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   55.751013][ T4373] RIP: 0033:0x7f7aace5efc9
[   55.751032][ T4373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   55.751110][ T4373] RSP: 002b:00007f7aab8bf038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ac
[   55.751129][ T4373] RAX: ffffffffffffffda RBX: 00007f7aad0b5fa0 RCX: 00007f7aace5efc9
[   55.751140][ T4373] RDX: 0000000000080001 RSI: 0000200000001080 RDI: ffffffffffffff9c
[   55.751152][ T4373] RBP: 00007f7aab8bf090 R08: 0000000000000000 R09: 0000000000000000
[   55.751164][ T4373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   55.751244][ T4373] R13: 00007f7aad0b6038 R14: 00007f7aad0b5fa0 R15: 00007ffd0040d228
[   55.751259][ T4373]  </TASK>
[   55.944162][ T4371] loop0: detected capacity change from 0 to 32768
[   55.968827][ T4375] loop1: detected capacity change from 0 to 1024
[   55.978873][ T4375] EXT4-fs: Ignoring removed orlov option
[   55.984603][ T4375] EXT4-fs: Ignoring removed nomblk_io_submit option
[   56.008755][ T4371]  loop0: p1 p2 p3 < > p4 < p5 p6 >
[   56.014236][ T4371] loop0: p1 start 460800 is beyond EOD, truncated
[   56.020734][ T4371] loop0: p2 size 83886080 extends beyond EOD, truncated
[   56.030718][ T4371] loop0: p5 start 460800 is beyond EOD, truncated
[   56.037148][ T4371] loop0: p6 size 83886080 extends beyond EOD, truncated
[   56.255090][ T4388] loop3: detected capacity change from 0 to 1024
[   56.277719][ T4388] EXT4-fs: Ignoring removed orlov option
[   56.289821][ T4388] EXT4-fs (loop3): stripe (509) is not aligned with cluster size (16), stripe is disabled
[   56.756117][ T4375] syz.1.287 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[   56.770289][ T4375] CPU: 0 UID: 0 PID: 4375 Comm: syz.1.287 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   56.770317][ T4375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   56.770329][ T4375] Call Trace:
[   56.770336][ T4375]  <TASK>
[   56.770344][ T4375]  __dump_stack+0x1d/0x30
[   56.770419][ T4375]  dump_stack_lvl+0xe8/0x140
[   56.770436][ T4375]  dump_stack+0x15/0x1b
[   56.770472][ T4375]  dump_header+0x81/0x220
[   56.770491][ T4375]  oom_kill_process+0x342/0x400
[   56.770522][ T4375]  out_of_memory+0x979/0xb80
[   56.770599][ T4375]  try_charge_memcg+0x610/0xa10
[   56.770632][ T4375]  obj_cgroup_charge_pages+0xa6/0x150
[   56.770651][ T4375]  __memcg_kmem_charge_page+0x9f/0x170
[   56.770669][ T4375]  __alloc_frozen_pages_noprof+0x188/0x360
[   56.770738][ T4375]  alloc_pages_mpol+0xb3/0x260
[   56.770761][ T4375]  alloc_pages_noprof+0x90/0x130
[   56.770783][ T4375]  __vmalloc_node_range_noprof+0x7a5/0xed0
[   56.770904][ T4375]  __kvmalloc_node_noprof+0x483/0x670
[   56.770935][ T4375]  ? ip_set_alloc+0x24/0x30
[   56.770962][ T4375]  ? ip_set_alloc+0x24/0x30
[   56.771047][ T4375]  ? __kmalloc_cache_noprof+0x249/0x4a0
[   56.771140][ T4375]  ip_set_alloc+0x24/0x30
[   56.771206][ T4375]  hash_netiface_create+0x282/0x740
[   56.771234][ T4375]  ? __pfx_hash_netiface_create+0x10/0x10
[   56.771280][ T4375]  ip_set_create+0x3cc/0x970
[   56.771310][ T4375]  nfnetlink_rcv_msg+0x4c6/0x590
[   56.771353][ T4375]  netlink_rcv_skb+0x123/0x220
[   56.771382][ T4375]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[   56.771431][ T4375]  nfnetlink_rcv+0x167/0x16c0
[   56.771454][ T4375]  ? rb_insert_color+0x71/0x2b0
[   56.771497][ T4375]  ? __rcu_read_unlock+0x4f/0x70
[   56.771537][ T4375]  ? kernfs_next_descendant_post+0xd3/0x110
[   56.771597][ T4375]  ? up_write+0x18/0x60
[   56.771622][ T4375]  ? kernfs_activate+0x90/0xa0
[   56.771646][ T4375]  ? kernfs_add_one+0x212/0x280
[   56.771713][ T4375]  ? percpu_array_map_lookup_percpu_elem+0x9c/0xd0
[   56.771820][ T4375]  ? __rcu_read_unlock+0x4f/0x70
[   56.771846][ T4375]  ? bpf_trace_run2+0x124/0x1c0
[   56.771993][ T4375]  ? ida_alloc_range+0x63e/0x6c0
[   56.772011][ T4375]  ? ida_alloc_range+0x63e/0x6c0
[   56.772028][ T4375]  ? kfree+0x351/0x400
[   56.772053][ T4375]  ? __rcu_read_unlock+0x4f/0x70
[   56.772102][ T4375]  ? __account_obj_stock+0x211/0x350
[   56.772206][ T4375]  ? should_fail_ex+0x30/0x280
[   56.772299][ T4375]  ? selinux_nlmsg_lookup+0x99/0x890
[   56.772321][ T4375]  ? __rcu_read_unlock+0x34/0x70
[   56.772348][ T4375]  ? __netlink_lookup+0x266/0x2a0
[   56.772380][ T4375]  netlink_unicast+0x5c0/0x690
[   56.772452][ T4375]  netlink_sendmsg+0x58b/0x6b0
[   56.772524][ T4375]  ? __pfx_netlink_sendmsg+0x10/0x10
[   56.772556][ T4375]  __sock_sendmsg+0x145/0x180
[   56.772581][ T4375]  ____sys_sendmsg+0x31e/0x4e0
[   56.772616][ T4375]  ___sys_sendmsg+0x17b/0x1d0
[   56.772724][ T4375]  __x64_sys_sendmsg+0xd4/0x160
[   56.772820][ T4375]  x64_sys_call+0x191e/0x3000
[   56.772843][ T4375]  do_syscall_64+0xd2/0x200
[   56.772861][ T4375]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   56.772916][ T4375]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   56.772970][ T4375]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   56.772987][ T4375] RIP: 0033:0x7f176862efc9
[   56.773000][ T4375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   56.773014][ T4375] RSP: 002b:00007f1767097038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   56.773032][ T4375] RAX: ffffffffffffffda RBX: 00007f1768885fa0 RCX: 00007f176862efc9
[   56.773118][ T4375] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000004
[   56.773129][ T4375] RBP: 00007f17686b1f91 R08: 0000000000000000 R09: 0000000000000000
[   56.773142][ T4375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   56.773155][ T4375] R13: 00007f1768886038 R14: 00007f1768885fa0 R15: 00007ffcff302578
[   56.773252][ T4375]  </TASK>
[   56.773259][ T4375] memory: usage 307200kB, limit 307200kB, failcnt 610
[   57.154822][ T4375] memory+swap: usage 307912kB, limit 9007199254740988kB, failcnt 0
[   57.162784][ T4375] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0
[   57.170088][ T4375] Memory cgroup stats for /syz1:
[   57.170518][ T4375] cache 8192
[   57.178639][ T4375] rss 4096
[   57.181646][ T4375] shmem 0
[   57.184637][ T4375] mapped_file 0
[   57.188085][ T4375] dirty 0
[   57.191096][ T4375] writeback 0
[   57.194379][ T4375] workingset_refault_anon 177
[   57.199115][ T4375] workingset_refault_file 905
[   57.203778][ T4375] swap 729088
[   57.207054][ T4375] swapcached 4096
[   57.210716][ T4375] pgpgin 22049
[   57.214075][ T4375] pgpgout 22044
[   57.217513][ T4375] pgfault 27536
[   57.220998][ T4375] pgmajfault 104
[   57.224523][ T4375] inactive_anon 4096
[   57.228531][ T4375] active_anon 0
[   57.231977][ T4375] inactive_file 12288
[   57.235942][ T4375] active_file 4096
[   57.240152][ T4375] unevictable 0
[   57.243603][ T4375] hierarchical_memory_limit 314572800
[   57.249303][ T4375] hierarchical_memsw_limit 9223372036854771712
[   57.255443][ T4375] total_cache 8192
[   57.259179][ T4375] total_rss 4096
[   57.262704][ T4375] total_shmem 0
[   57.266142][ T4375] total_mapped_file 0
[   57.270121][ T4375] total_dirty 0
[   57.273621][ T4375] total_writeback 0
[   57.277484][ T4375] total_workingset_refault_anon 177
[   57.282693][ T4375] total_workingset_refault_file 905
[   57.287879][ T4375] total_swap 729088
[   57.291686][ T4375] total_swapcached 4096
[   57.295823][ T4375] total_pgpgin 22049
[   57.299790][ T4375] total_pgpgout 22044
[   57.303812][ T4375] total_pgfault 27536
[   57.307843][ T4375] total_pgmajfault 104
[   57.311999][ T4375] total_inactive_anon 4096
[   57.316449][ T4375] total_active_anon 0
[   57.320436][ T4375] total_inactive_file 12288
[   57.324919][ T4375] total_active_file 4096
[   57.329162][ T4375] total_unevictable 0
[   57.333128][ T4375] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.287,pid=4374,uid=0
[   57.347813][ T4375] Memory cgroup out of memory: Killed process 4374 (syz.1.287) total-vm:93956kB, anon-rss:1136kB, file-rss:22308kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[   57.393042][ T4398] loop3: detected capacity change from 0 to 512
[   57.449385][ T4398] EXT4-fs (loop3): orphan cleanup on readonly fs
[   57.492353][ T4398] EXT4-fs warning (device loop3): ext4_xattr_inode_get:560: inode #11: comm syz.3.292: EA inode hash validation failed
[   57.530251][ T4398] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck.
[   57.555931][ T4398] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #15: comm syz.3.292: corrupted inode contents
[   57.575753][ T4403] netlink: 12 bytes leftover after parsing attributes in process `syz.2.294'.
[   57.584636][ T4403] tipc: Started in network mode
[   57.587992][ T4398] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #15: comm syz.3.292: mark_inode_dirty error
[   57.589488][ T4403] tipc: Node identity 7, cluster identity 4711
[   57.589498][ T4403] tipc: Node number set to 7
[   57.616220][ T4398] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #15: comm syz.3.292: corrupted inode contents
[   57.628980][ T4398] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2996: inode #15: comm syz.3.292: mark_inode_dirty error
[   57.629162][ T4404] FAULT_INJECTION: forcing a failure.
[   57.629162][ T4404] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   57.653873][ T4404] CPU: 0 UID: 0 PID: 4404 Comm: syz.0.293 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   57.653896][ T4404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   57.653906][ T4404] Call Trace:
[   57.653918][ T4404]  <TASK>
[   57.653925][ T4404]  __dump_stack+0x1d/0x30
[   57.653946][ T4404]  dump_stack_lvl+0xe8/0x140
[   57.653964][ T4404]  dump_stack+0x15/0x1b
[   57.653977][ T4404]  should_fail_ex+0x265/0x280
[   57.654011][ T4404]  should_fail+0xb/0x20
[   57.654118][ T4398] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2999: inode #15: comm syz.3.292: mark inode dirty (error -117)
[   57.654038][ T4404]  should_fail_usercopy+0x1a/0x20
[   57.654224][ T4404]  _copy_to_user+0x20/0xa0
[   57.654247][ T4404]  simple_read_from_buffer+0xb5/0x130
[   57.654290][ T4404]  proc_fail_nth_read+0x10e/0x150
[   57.654327][ T4404]  ? __pfx_proc_fail_nth_read+0x10/0x10
[   57.654354][ T4404]  vfs_read+0x1a8/0x770
[   57.654375][ T4404]  ? __rcu_read_unlock+0x4f/0x70
[   57.654461][ T4404]  ? __fget_files+0x184/0x1c0
[   57.654487][ T4404]  ksys_read+0xda/0x1a0
[   57.654515][ T4404]  __x64_sys_read+0x40/0x50
[   57.654580][ T4404]  x64_sys_call+0x27c0/0x3000
[   57.654600][ T4404]  do_syscall_64+0xd2/0x200
[   57.654617][ T4404]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   57.654675][ T4404]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   57.654702][ T4404]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   57.654760][ T4404] RIP: 0033:0x7fbf637dd9dc
[   57.654774][ T4404] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   57.654835][ T4404] RSP: 002b:00007fbf6221e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   57.654853][ T4404] RAX: ffffffffffffffda RBX: 00007fbf63a36090 RCX: 00007fbf637dd9dc
[   57.654915][ T4404] RDX: 000000000000000f RSI: 00007fbf6221e0a0 RDI: 0000000000000006
[   57.654927][ T4404] RBP: 00007fbf6221e090 R08: 0000000000000000 R09: 0000000000000000
[   57.654938][ T4404] R10: 0000200000000640 R11: 0000000000000246 R12: 0000000000000001
[   57.654950][ T4404] R13: 00007fbf63a36128 R14: 00007fbf63a36090 R15: 00007ffffefd4758
[   57.654967][ T4404]  </TASK>
[   57.875119][ T4407] loop1: detected capacity change from 0 to 1024
[   57.897049][ T4398] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117)
[   57.906174][ T4398] EXT4-fs (loop3): 1 orphan inode deleted
[   57.912093][ T4407] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   57.912692][ T4408] loop2: detected capacity change from 0 to 4096
[   57.958804][ T4407] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   57.985419][ T4407] EXT4-fs (loop1): orphan cleanup on readonly fs
[   58.017092][ T4407] EXT4-fs error (device loop1): ext4_free_blocks:6706: comm syz.1.295: Freeing blocks not in datazone - block = 0, count = 4096
[   58.051803][ T4419] netlink: 'syz.2.296': attribute type 6 has an invalid length.
[   58.143119][ T4407] EXT4-fs (loop1): 1 orphan inode deleted
[   58.682090][ T4462] netlink: 32 bytes leftover after parsing attributes in process `syz.4.306'.
[   58.712853][ T4432] loop1: detected capacity change from 0 to 512
[   58.722697][ T4432] ------------[ cut here ]------------
[   58.728160][ T4432] EA inode 11 i_nlink=2
[   58.728312][ T4432] WARNING: CPU: 1 PID: 4432 at fs/ext4/xattr.c:1058 ext4_xattr_inode_update_ref+0x36a/0x380
[   58.742717][ T4432] Modules linked in:
[   58.746594][ T4432] CPU: 1 UID: 0 PID: 4432 Comm: syz.1.305 Not tainted syzkaller #0 PREEMPT(voluntary) 
[   58.756361][ T4432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   58.766501][ T4432] RIP: 0010:ext4_xattr_inode_update_ref+0x36a/0x380
[   58.773165][ T4432] Code: 90 49 8d 7e 40 e8 c6 fe b8 ff 4d 8b 6e 40 4c 89 e7 e8 da f9 b8 ff 41 8b 56 48 48 c7 c7 4f c6 55 86 4c 89 ee e8 17 fd 67 ff 90 <0f> 0b 90 90 e9 ff fe ff ff e8 98 ca b5 03 0f 1f 84 00 00 00 00 00
[   58.792781][ T4432] RSP: 0018:ffffc90010e3b5a0 EFLAGS: 00010246
[   58.798885][ T4432] RAX: 1337607589579000 RBX: ffff88811a4cc1a8 RCX: 0000000000080000
[   58.806837][ T4432] RDX: ffffc900029ea000 RSI: 000000000000455b RDI: 000000000000455c
[   58.814844][ T4432] RBP: 0000000000000002 R08: 0001c90010e3b427 R09: 0000000000000000
[   58.822826][ T4432] R10: 00000000ffffffff R11: 0000000000000002 R12: ffff88811a4cc158
[   58.830880][ T4432] R13: 000000000000000b R14: ffff88811a4cc110 R15: 0000000000000001
[   58.838916][ T4432] FS:  00007f17670976c0(0000) GS:ffff8882aef13000(0000) knlGS:0000000000000000
[   58.847947][ T4432] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   58.854580][ T4432] CR2: 0000001b33f12ff8 CR3: 00000001258de000 CR4: 00000000003506f0
[   58.856745][ T4499] loop3: detected capacity change from 0 to 1024
[   58.862655][ T4432] Call Trace:
[   58.869640][ T4499] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   58.872188][ T4432]  <TASK>
[   58.872201][ T4432]  ext4_xattr_set_entry+0x77f/0x1020
[   58.890719][ T4432]  ext4_xattr_ibody_set+0x184/0x3c0
[   58.895961][ T4432]  ext4_expand_extra_isize_ea+0xcbb/0x11f0
[   58.898677][ T4499] EXT4-fs (loop3): revision level too high, forcing read-only mode
[   58.901800][ T4432]  __ext4_expand_extra_isize+0x246/0x280
[   58.909911][ T4499] EXT4-fs (loop3): orphan cleanup on readonly fs
[   58.915277][ T4432]  __ext4_mark_inode_dirty+0x29d/0x3f0
[   58.921953][ T4499] EXT4-fs error (device loop3): ext4_free_blocks:6706: comm syz.3.307: Freeing blocks not in datazone - block = 0, count = 4096
[   58.927063][ T4432]  ext4_evict_inode+0x80e/0xd90
[   58.942709][ T4499] EXT4-fs (loop3): 1 orphan inode deleted
[   58.945178][ T4432]  ? __pfx_ext4_evict_inode+0x10/0x10
[   58.956306][ T4432]  evict+0x2e3/0x550
[   58.960253][ T4432]  ? __dquot_initialize+0x146/0x7c0
[   58.965489][ T4432]  iput+0x4ed/0x650
[   58.969319][ T4432]  ext4_process_orphan+0x1a9/0x1c0
[   58.974461][ T4432]  ext4_orphan_cleanup+0x6a8/0xa00
[   58.979631][ T4432]  ext4_fill_super+0x3483/0x3810
[   58.984672][ T4432]  ? snprintf+0x86/0xb0
[   58.988902][ T4432]  ? set_blocksize+0x1a8/0x310
[   58.993703][ T4432]  ? sb_set_blocksize+0xe3/0x100
[   58.998767][ T4432]  ? setup_bdev_super+0x30e/0x370
[   59.003873][ T4432]  ? __pfx_ext4_fill_super+0x10/0x10
[   59.009145][ T4432]  get_tree_bdev_flags+0x291/0x300
[   59.014235][ T4432]  ? __pfx_ext4_fill_super+0x10/0x10
[   59.019535][ T4432]  get_tree_bdev+0x1f/0x30
[   59.023931][ T4432]  ext4_get_tree+0x1c/0x30
[   59.028323][ T4432]  vfs_get_tree+0x57/0x1d0
[   59.032741][ T4432]  do_new_mount+0x24d/0x660
[   59.037225][ T4432]  path_mount+0x4a5/0xb70
[   59.041542][ T4432]  ? user_path_at+0x109/0x130
[   59.046241][ T4432]  __se_sys_mount+0x28c/0x2e0
[   59.050921][ T4432]  ? do_mkdirat+0x3ac/0x3f0
[   59.055411][ T4432]  __x64_sys_mount+0x67/0x80
[   59.060042][ T4432]  x64_sys_call+0x2b51/0x3000
[   59.064770][ T4432]  do_syscall_64+0xd2/0x200
[   59.069270][ T4432]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   59.075317][ T4432]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   59.081056][ T4432]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   59.086925][ T4432] RIP: 0033:0x7f176863076a
[   59.091327][ T4432] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   59.110982][ T4432] RSP: 002b:00007f1767096e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   59.119379][ T4432] RAX: ffffffffffffffda RBX: 00007f1767096ef0 RCX: 00007f176863076a
[   59.127327][ T4432] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007f1767096eb0
[   59.135287][ T4432] RBP: 0000200000000180 R08: 00007f1767096ef0 R09: 0000000001a08700
[   59.143315][ T4432] R10: 0000000001a08700 R11: 0000000000000246 R12: 00002000000001c0
[   59.151274][ T4432] R13: 00007f1767096eb0 R14: 0000000000000470 R15: 0000200000000700
[   59.159551][ T4432]  </TASK>
[   59.162563][ T4432] ---[ end trace 0000000000000000 ]---
[   59.168254][ T4432] EXT4-fs (loop1): 1 orphan inode deleted
[   59.187361][ T4456] Bluetooth: hci0: Frame reassembly failed (-84)
[   59.293888][ T4513] netlink: 32 bytes leftover after parsing attributes in process `syz.3.308'.
[   59.387108][ T4511] loop1: detected capacity change from 0 to 32768
[   59.490093][ T4511]  loop1: p1 p2 p3 < > p4 < p5 p6 >
[   59.495541][ T4511] loop1: p1 start 460800 is beyond EOD, truncated
[   59.502010][ T4511] loop1: p2 size 83886080 extends beyond EOD, truncated
[   59.512646][ T4511] loop1: p5 start 460800 is beyond EOD, truncated
[   59.519116][ T4511] loop1: p6 size 83886080 extends beyond EOD, truncated
[   59.668965][ T4519] loop1: detected capacity change from 0 to 1024
[   59.676240][ T4519] EXT4-fs: Ignoring removed orlov option
[   59.894469][ T4525] loop1: detected capacity change from 0 to 1024
[   59.901199][ T4525] EXT4-fs: Ignoring removed orlov option
[   59.998613][ T4528] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2048 sclass=netlink_route_socket pid=4528 comm=syz.1.317
[   60.036283][ T4533] loop3: detected capacity change from 0 to 128
[   60.139511][ T4538] netlink: 32 bytes leftover after parsing attributes in process `syz.1.318'.
[   60.170736][   T29] kauditd_printk_skb: 154 callbacks suppressed
[   60.170779][   T29] audit: type=1326 audit(1761195073.797:13764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4543 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e53f3efc9 code=0x7ffc0000
[   60.200405][   T29] audit: type=1326 audit(1761195073.797:13765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4543 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e53f3efc9 code=0x7ffc0000
[   60.305132][   T29] audit: type=1326 audit(1761195073.797:13766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4543 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e53f3efc9 code=0x7ffc0000
[   60.328610][   T29] audit: type=1326 audit(1761195073.797:13767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4543 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e53f3efc9 code=0x7ffc0000
[   60.351990][   T29] audit: type=1326 audit(1761195073.797:13768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4543 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e53f3efc9 code=0x7ffc0000
[   60.375463][   T29] audit: type=1326 audit(1761195073.847:13769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4543 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e53f3efc9 code=0x7ffc0000
[   60.398890][   T29] audit: type=1326 audit(1761195073.847:13770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4543 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e53f3efc9 code=0x7ffc0000
[   60.422416][   T29] audit: type=1326 audit(1761195073.857:13771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4543 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6e53f3efc9 code=0x7ffc0000
[   60.445960][   T29] audit: type=1326 audit(1761195073.857:13772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4543 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e53f3efc9 code=0x7ffc0000
[   60.469644][   T29] audit: type=1326 audit(1761195073.857:13773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4543 comm="syz.4.323" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e53f3efc9 code=0x7ffc0000
[   60.548027][ T4550] loop4: detected capacity change from 0 to 2048
[   60.586075][ T4550]  loop4: p1 p2 p3
[   60.642884][ T4548] loop0: detected capacity change from 0 to 32768
[   60.646705][ T4552] loop4: detected capacity change from 0 to 1024
[   60.656012][ T4552] EXT4-fs: Ignoring removed orlov option
[   60.678747][ T4548]  loop0: p1 p2 p3 < > p4 < p5 p6 >
[   60.684088][ T4548] loop0: p1 start 460800 is beyond EOD, truncated
[   60.690533][ T4548] loop0: p2 size 83886080 extends beyond EOD, truncated
[   60.701211][ T4548] loop0: p5 start 460800 is beyond EOD, truncated
[   60.707634][ T4548] loop0: p6 size 83886080 extends beyond EOD, truncated
[   60.832104][ T4564] loop4: detected capacity change from 0 to 1024
[   60.838719][ T4564] EXT4-fs: Ignoring removed orlov option
[   60.844434][ T4564] EXT4-fs: Ignoring removed nomblk_io_submit option
[   61.028003][ T4573] netlink: 12 bytes leftover after parsing attributes in process `syz.3.333'.
[   61.036965][ T4573] tipc: Started in network mode
[   61.041842][ T4573] tipc: Node identity 7, cluster identity 4711
[   61.048060][ T4573] tipc: Node number set to 7
[   61.238449][ T3563] Bluetooth: hci0: command 0x1003 tx timeout
[   61.244565][ T3710] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   61.603065][ T4582] loop0: detected capacity change from 0 to 4096
[   61.747155][ T4584] netlink: 'syz.0.335': attribute type 6 has an invalid length.
[   61.877073][ T4591] loop1: detected capacity change from 0 to 1024
[   61.886735][   T36] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x4
[   61.894493][   T36] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x2
[   61.895711][ T4591] EXT4-fs: Ignoring removed orlov option
[   61.902318][   T36] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x3
[   61.916422][   T36] hid-generic 0000:3000000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   61.928544][ T4593] 9pnet_fd: Insufficient options for proto=fd
[   62.034879][ T4595] loop0: detected capacity change from 0 to 32768
[   62.086197][ T4613] netlink: 12 bytes leftover after parsing attributes in process `syz.3.346'.
[   62.105685][ T4595]  loop0: p1 p2 p3 < > p4 < p5 p6 >
[   62.115973][ T4595] loop0: p1 start 460800 is beyond EOD, truncated
[   62.122410][ T4595] loop0: p2 size 83886080 extends beyond EOD, truncated
[   62.142495][ T4595] loop0: p5 start 460800 is beyond EOD, truncated
[   62.149019][ T4595] loop0: p6 size 83886080 extends beyond EOD, truncated
[   62.157045][ T4616] loop2: detected capacity change from 0 to 1024
[   62.164653][ T4616] EXT4-fs: Ignoring removed orlov option
[   62.166519][ T4618] loop3: detected capacity change from 0 to 1024
[   62.170345][ T4616] EXT4-fs: Ignoring removed nomblk_io_submit option
[   62.178390][ T4618] EXT4-fs: Ignoring removed orlov option
[   62.268322][ T4620] netlink: 20 bytes leftover after parsing attributes in process `syz.1.345'.
[   62.281579][ T4620] geneve2: entered promiscuous mode
[   62.287589][ T4452] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   62.324930][ T4627] netlink: 'syz.1.345': attribute type 13 has an invalid length.
[   62.332833][ T4452] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   62.350229][ T4625] netlink: 'syz.0.349': attribute type 3 has an invalid length.
[   62.357886][ T4625] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.349'.
[   62.408275][ T4452] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   62.483530][ T4452] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   62.528531][ T4630] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   62.643378][ T4630] loop1: detected capacity change from 0 to 1024
[   62.691828][ T4630] EXT4-fs: Ignoring removed orlov option
[   62.708933][ T4639] netlink: '+}[@': attribute type 10 has an invalid length.
[   62.718280][ T4639] ipvlan0: entered allmulticast mode
[   62.723609][ T4639] veth0_vlan: entered allmulticast mode
[   62.755182][ T4639] team0: Device ipvlan0 failed to register rx_handler
[   62.847367][ T4645] netlink: 32 bytes leftover after parsing attributes in process `syz.0.353'.
[   62.978141][ T4647] netlink: 32 bytes leftover after parsing attributes in process `syz.4.354'.
[   63.023805][ T4649] loop0: detected capacity change from 0 to 1024
[   63.030650][ T4649] EXT4-fs: Ignoring removed orlov option
[   63.053866][ T3388] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x4
[   63.061615][ T3388] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x2
[   63.093302][ T4653] loop4: detected capacity change from 0 to 4096
[   63.108453][ T3388] hid-generic 0000:3000000:0000.0007: unknown main item tag 0x3
[   63.126767][ T4660] 9pnet_fd: Insufficient options for proto=fd
[   63.142879][ T3388] hid-generic 0000:3000000:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   63.300074][ T4673] netlink: 'gtp': attribute type 1 has an invalid length.
[   63.323351][ T4673] 8021q: adding VLAN 0 to HW filter on device bond1
[   63.337005][ T4677] netlink: 'syz.4.357': attribute type 6 has an invalid length.
[   63.379620][ T4673] 8021q: adding VLAN 0 to HW filter on device bond1
[   63.390615][ T4679] loop1: detected capacity change from 0 to 1024
[   63.407170][ T4673] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[   63.430536][ T4679] EXT4-fs: Ignoring removed orlov option
[   63.436214][ T4679] EXT4-fs: Ignoring removed nomblk_io_submit option
[   63.599976][ T4673] bond1: (slave vxcan3): Error -95 calling set_mac_address
[   64.016132][ T4687] loop3: detected capacity change from 0 to 512
[   64.048000][ T4687] EXT4-fs (loop3): 1 orphan inode deleted
[   64.117507][ T4692] loop4: detected capacity change from 0 to 4096
[   64.168669][ T4694] netlink: 14 bytes leftover after parsing attributes in process `syz.0.364'.
[   64.260603][ T4699] netlink: 12 bytes leftover after parsing attributes in process `syz.0.369'.
[   64.269512][ T4699] tipc: Started in network mode
[   64.274443][ T4699] tipc: Node identity 7, cluster identity 4711
[   64.280658][ T4699] tipc: Node number set to 7
[   64.329381][ T4700] netlink: 'syz.4.367': attribute type 6 has an invalid length.
[   64.351955][ T4703] loop3: detected capacity change from 0 to 1024
[   64.425140][ T4703] EXT4-fs: Ignoring removed orlov option
[   64.601632][ T4710] loop3: detected capacity change from 0 to 512
[   64.648763][ T4710] EXT4-fs (loop3): orphan cleanup on readonly fs
[   64.655210][ T4712] loop0: detected capacity change from 0 to 1024
[   64.665457][ T4712] SELinux:  Context system_u:object is not valid (left unmapped).
[   64.698627][ T4710] EXT4-fs warning (device loop3): ext4_xattr_inode_get:560: inode #11: comm syz.3.374: EA inode hash validation failed
[   64.720024][ T4710] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #15: comm syz.3.374: corrupted inode contents
[   64.732579][ T4710] EXT4-fs error (device loop3): ext4_dirty_inode:6517: inode #15: comm syz.3.374: mark_inode_dirty error
[   64.743964][ T4710] EXT4-fs error (device loop3): ext4_do_update_inode:5632: inode #15: comm syz.3.374: corrupted inode contents
[   64.757248][ T4710] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2996: inode #15: comm syz.3.374: mark_inode_dirty error
[   64.789960][ T4710] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2999: inode #15: comm syz.3.374: mark inode dirty (error -117)
[   64.808661][ T4719] loop0: detected capacity change from 0 to 1024
[   64.815329][ T4719] EXT4-fs: Ignoring removed orlov option
[   64.821305][ T4710] EXT4-fs warning (device loop3): ext4_evict_inode:274: xattr delete (err -117)
[   64.843304][ T4710] EXT4-fs (loop3): 1 orphan inode deleted
[   64.981579][ T3388] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x4
[   64.989278][ T3388] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x2
[   65.008434][ T3388] hid-generic 0000:3000000:0000.0008: unknown main item tag 0x3
[   65.018426][ T4735] netlink: 32 bytes leftover after parsing attributes in process `syz.0.378'.
[   65.023558][ T4734] loop4: detected capacity change from 0 to 4096
[   65.028934][ T3388] hid-generic 0000:3000000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   65.047106][ T4737] netlink: 12 bytes leftover after parsing attributes in process `syz.1.383'.
[   65.068806][ T4738] 9pnet_fd: Insufficient options for proto=fd
[   65.109918][ T4744] 9pnet_fd: Insufficient options for proto=fd
[   65.129588][ T4749] netlink: 83992 bytes leftover after parsing attributes in process `syz.1.386'.
[   65.148949][ T4749] netlink: zone id is out of range
[   65.154106][ T4749] netlink: zone id is out of range
[   65.186631][ T4754] netlink: 'syz.4.382': attribute type 6 has an invalid length.
[   65.217202][ T4749] netlink: zone id is out of range
[   65.279761][ T4759] loop3: detected capacity change from 0 to 1024
[   65.287153][ T4759] EXT4-fs: Ignoring removed orlov option
[   65.292966][ T4749] netlink: zone id is out of range
[   65.298230][ T4749] netlink: zone id is out of range
[   65.316856][ T4759] EXT4-fs mount: 54 callbacks suppressed
[   65.316908][ T4759] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   65.317656][ T4749] netlink: set zone limit has 8 unknown bytes
[   65.354018][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   65.413541][ T4768] loop0: detected capacity change from 0 to 4096
[   65.586402][ T4764] loop2: detected capacity change from 0 to 32768
[   65.595636][ T4775] netlink: 'syz.0.393': attribute type 6 has an invalid length.
[   65.609228][ T4778] netlink: 12 bytes leftover after parsing attributes in process `syz.1.395'.
[   65.624129][ T4773] 9pnet: Could not find request transport: r
[   65.634784][ T4773] loop4: detected capacity change from 0 to 512
[   65.647226][ T4773] journal_path: Lookup failure for './file0'
[   65.653336][ T4773] EXT4-fs: error: could not find journal device path
[   65.660927][ T4764]  loop2: p1 p2 p3 < > p4 < p5 p6 >
[   65.666191][ T4764] loop2: p1 start 460800 is beyond EOD, truncated
[   65.672726][ T4764] loop2: p2 size 83886080 extends beyond EOD, truncated
[   65.690845][ T4764] loop2: p5 start 460800 is beyond EOD, truncated
[   65.697380][ T4764] loop2: p6 size 83886080 extends beyond EOD, truncated
[   65.707578][   T29] kauditd_printk_skb: 200 callbacks suppressed
[   65.707649][   T29] audit: type=1400 audit(1761195079.327:13974): avc:  denied  { setcheckreqprot } for  pid=4782 comm="syz.1.397" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   65.754627][   T29] audit: type=1400 audit(1761195079.327:13975): avc:  denied  { associate } for  pid=4782 comm="syz.1.397" name="blkio.bfq.io_service_bytes" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[   66.111504][ T4797] loop0: detected capacity change from 0 to 1024
[   66.152377][ T4797] EXT4-fs: Ignoring removed orlov option
[   66.230572][ T4797] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   66.275375][ T4806] netlink: 'syz.1.405': attribute type 3 has an invalid length.
[   66.283067][ T4806] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.405'.
[   66.283220][   T29] audit: type=1400 audit(1761195079.897:13976): avc:  denied  { create } for  pid=4803 comm="syz.1.405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   66.312547][   T29] audit: type=1400 audit(1761195079.897:13977): avc:  denied  { write } for  pid=4803 comm="syz.1.405" path="socket:[8015]" dev="sockfs" ino=8015 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   66.344332][   T29] audit: type=1400 audit(1761195079.937:13978): avc:  denied  { getopt } for  pid=4803 comm="syz.1.405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   66.363915][   T29] audit: type=1400 audit(1761195079.937:13979): avc:  denied  { read } for  pid=4803 comm="syz.1.405" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   66.383942][   T29] audit: type=1400 audit(1761195079.937:13980): avc:  denied  { ioctl } for  pid=4803 comm="syz.1.405" path="socket:[8015]" dev="sockfs" ino=8015 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   66.418242][   T29] audit: type=1400 audit(1761195080.037:13981): avc:  denied  { lock } for  pid=4803 comm="syz.1.405" path="socket:[8015]" dev="sockfs" ino=8015 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[   66.498286][ T4805] loop3: detected capacity change from 0 to 32768
[   66.498545][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.513835][ T4814] loop1: detected capacity change from 0 to 1024
[   66.522335][ T4814] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   66.535216][ T4814] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   66.544506][ T4814] EXT4-fs (loop1): orphan cleanup on readonly fs
[   66.551255][ T4814] EXT4-fs error (device loop1): ext4_free_blocks:6706: comm syz.1.406: Freeing blocks not in datazone - block = 0, count = 4096
[   66.579891][ T4805]  loop3: p1 p2 p3 < > p4 < p5 p6 >
[   66.588618][ T4805] loop3: p1 start 460800 is beyond EOD, truncated
[   66.595046][ T4805] loop3: p2 size 83886080 extends beyond EOD, truncated
[   66.607431][ T4819] loop0: detected capacity change from 0 to 512
[   66.620168][ T4805] loop3: p5 start 460800 is beyond EOD, truncated
[   66.626601][ T4805] loop3: p6 size 83886080 extends beyond EOD, truncated
[   66.635519][ T4814] EXT4-fs (loop1): 1 orphan inode deleted
[   66.641645][ T4814] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   66.642176][ T4819] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[   66.672245][ T4823] loop4: detected capacity change from 0 to 512
[   66.690615][ T4823] EXT4-fs (loop4): orphan cleanup on readonly fs
[   66.697752][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   66.746516][   T29] audit: type=1326 audit(1761195080.337:13982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4820 comm="syz.2.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9cffefc9 code=0x7ffc0000
[   66.759175][ T4823] EXT4-fs warning (device loop4): ext4_xattr_inode_get:560: inode #11: comm syz.4.410: EA inode hash validation failed
[   66.770118][   T29] audit: type=1326 audit(1761195080.337:13983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4820 comm="syz.2.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1c9cffefc9 code=0x7ffc0000
[   66.806849][ T4823] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #15: comm syz.4.410: corrupted inode contents
[   66.823424][ T4829] netlink: 76 bytes leftover after parsing attributes in process `syz.3.413'.
[   66.823490][ T4819] EXT4-fs (loop0): 1 truncate cleaned up
[   66.823984][ T4819] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   66.858596][ T4823] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #15: comm syz.4.410: mark_inode_dirty error
[   66.879793][ T4823] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #15: comm syz.4.410: corrupted inode contents
[   66.891723][ T4823] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2996: inode #15: comm syz.4.410: mark_inode_dirty error
[   66.904055][ T4823] EXT4-fs error (device loop4): ext4_xattr_delete_inode:2999: inode #15: comm syz.4.410: mark inode dirty (error -117)
[   66.921269][ T4823] EXT4-fs warning (device loop4): ext4_evict_inode:274: xattr delete (err -117)
[   66.930412][ T4823] EXT4-fs (loop4): 1 orphan inode deleted
[   66.936394][ T4823] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   66.959391][ T4837] loop3: detected capacity change from 0 to 512
[   66.985966][ T4837] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[   66.996597][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.005732][ T4835] loop1: detected capacity change from 0 to 4096
[   67.016431][ T4837] EXT4-fs (loop3): orphan cleanup on readonly fs
[   67.022852][ T4837] EXT4-fs error (device loop3): ext4_orphan_get:1392: comm syz.3.414: inode #15: comm syz.3.414: iget: illegal inode #
[   67.035688][ T4837] EXT4-fs (loop3): Remounting filesystem read-only
[   67.042724][ T4837] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   67.057141][ T4841] loop4: detected capacity change from 0 to 164
[   67.064170][ T4841] ISOFS: unable to read i-node block
[   67.069638][ T4841] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[   67.109655][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.127564][ T4843] loop2: detected capacity change from 0 to 4096
[   67.183066][ T4849] netlink: 'syz.1.412': attribute type 6 has an invalid length.
[   67.287943][ T4856] loop0: detected capacity change from 0 to 1024
[   67.314010][ T4856] EXT4-fs: Ignoring removed mblk_io_submit option
[   67.328863][ T4856] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   67.354692][ T4859] netlink: 'syz.2.416': attribute type 6 has an invalid length.
[   67.362703][ T4856] EXT4-fs (loop0): can't mount with journal_async_commit, fs mounted w/o journal
[   67.546549][ T4872] syzkaller0: entered promiscuous mode
[   67.552286][ T4872] syzkaller0: entered allmulticast mode
[   67.629794][ T4894] netlink: zone id is out of range
[   67.635029][ T4894] netlink: zone id is out of range
[   67.640312][ T4894] netlink: zone id is out of range
[   67.645456][ T4894] netlink: zone id is out of range
[   67.684697][ T4897] 9pnet_fd: Insufficient options for proto=fd
[   67.767968][ T4901] loop4: detected capacity change from 0 to 4096
[   67.793103][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   67.834253][ T4904] loop0: detected capacity change from 0 to 164
[   67.850117][ T4906] __nla_validate_parse: 4 callbacks suppressed
[   67.850128][ T4906] netlink: 12 bytes leftover after parsing attributes in process `syz.3.437'.
[   67.932659][ T4911] netlink: 'syz.4.436': attribute type 6 has an invalid length.
[   67.940667][ T4904] iso9660: Corrupted directory entry in block 4 of inode 1792
[   67.977189][ T4919] netlink: 14 bytes leftover after parsing attributes in process `syz.3.442'.
[   68.050048][ T4922] loop1: detected capacity change from 0 to 1024
[   68.060690][ T4922] EXT4-fs: Ignoring removed orlov option
[   68.080909][ T4922] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   68.150757][ T4934] netlink: 32 bytes leftover after parsing attributes in process `syz.3.446'.
[   68.162394][ T4933] netlink: 83992 bytes leftover after parsing attributes in process `syz.4.445'.
[   68.190582][ T4453] Bluetooth: hci0: Frame reassembly failed (-84)
[   68.196177][ T4935] xt_CT: No such helper "pptp"
[   68.215191][ T4929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.447'.
[   68.249914][ T4941] loop4: detected capacity change from 0 to 1024
[   68.256615][ T4941] EXT4-fs: Ignoring removed orlov option
[   68.262335][ T4941] EXT4-fs: Ignoring removed nomblk_io_submit option
[   68.265527][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   68.349334][ T4941] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   68.960164][ T4951] loop3: detected capacity change from 0 to 512
[   68.999881][ T4951] EXT4-fs (loop3): mounted filesystem 00800000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   69.038829][ T4951] EXT4-fs error (device loop3): ext4_quota_enable:7132: comm syz.3.452: Bad quota inum: 2, type: 1
[   69.058789][ T4951] EXT4-fs warning (device loop3): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-117, ino=2). Please run e2fsck to fix.
[   69.102842][ T4959] netlink: 12 bytes leftover after parsing attributes in process `syz.0.455'.
[   69.178228][ T4962] netlink: 14 bytes leftover after parsing attributes in process `syz.1.456'.
[   69.222553][ T3315] EXT4-fs (loop3): unmounting filesystem 00800000-0000-0000-0000-000000000000.
[   69.341258][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.385939][ T4980] netlink: 83992 bytes leftover after parsing attributes in process `syz.4.461'.
[   69.414830][ T4982] loop0: detected capacity change from 0 to 512
[   69.422609][ T4982] EXT4-fs (loop0): orphan cleanup on readonly fs
[   69.429510][ T4982] EXT4-fs warning (device loop0): ext4_xattr_inode_get:560: inode #11: comm syz.0.463: EA inode hash validation failed
[   69.442331][ T4986] netlink: 32 bytes leftover after parsing attributes in process `syz.1.462'.
[   69.445017][ T4982] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #15: comm syz.0.463: corrupted inode contents
[   69.463144][ T4982] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #15: comm syz.0.463: mark_inode_dirty error
[   69.466215][   T36] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0
[   69.475802][ T4982] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #15: comm syz.0.463: corrupted inode contents
[   69.481876][   T36] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0
[   69.493949][ T4982] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2996: inode #15: comm syz.0.463: mark_inode_dirty error
[   69.501081][   T36] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0
[   69.513045][ T4982] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2999: inode #15: comm syz.0.463: mark inode dirty (error -117)
[   69.520319][   T36] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0
[   69.533764][ T4982] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -117)
[   69.540043][   T36] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0
[   69.549250][ T4982] EXT4-fs (loop0): 1 orphan inode deleted
[   69.556333][   T36] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0
[   69.556353][   T36] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0
[   69.556372][   T36] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0
[   69.562540][ T4982] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   69.569506][   T36] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0
[   69.603463][   T36] hid-generic 00A0:0006:0003.0009: unknown main item tag 0x0
[   69.612521][   T36] hid-generic 00A0:0006:0003.0009: hidraw0: <UNKNOWN> HID v0.05 Device [syz1] on syz0
[   69.622365][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.660324][ T4990] loop0: detected capacity change from 0 to 4096
[   69.691131][ T4998] loop4: detected capacity change from 0 to 1024
[   69.698933][ T4998] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   69.711900][ T4998] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   69.720148][ T4998] EXT4-fs (loop4): orphan cleanup on readonly fs
[   69.726751][ T4998] EXT4-fs error (device loop4): ext4_free_blocks:6706: comm syz.4.470: Freeing blocks not in datazone - block = 0, count = 4096
[   69.740861][ T4998] EXT4-fs (loop4): 1 orphan inode deleted
[   69.746989][ T4998] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   69.763724][ T5004] netlink: 12 bytes leftover after parsing attributes in process `syz.1.472'.
[   69.778647][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   69.849779][ T5005] netlink: 'syz.0.466': attribute type 6 has an invalid length.
[   69.916897][ T5014] loop4: detected capacity change from 0 to 1024
[   69.923510][ T5014] EXT4-fs: Ignoring removed orlov option
[   69.946278][ T5014] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.024276][ T5009] loop1: detected capacity change from 0 to 32768
[   70.071843][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.074828][ T5019] loop0: detected capacity change from 0 to 512
[   70.087106][ T5009]  loop1: p1 p2 p3 < > p4 < p5 p6 >
[   70.092418][ T5009] loop1: p1 start 460800 is beyond EOD, truncated
[   70.098843][ T5009] loop1: p2 size 83886080 extends beyond EOD, truncated
[   70.107237][ T5009] loop1: p5 start 460800 is beyond EOD, truncated
[   70.113698][ T5009] loop1: p6 size 83886080 extends beyond EOD, truncated
[   70.122256][ T5019] EXT4-fs (loop0): orphan cleanup on readonly fs
[   70.138597][ T5019] EXT4-fs warning (device loop0): ext4_xattr_inode_get:560: inode #11: comm syz.0.477: EA inode hash validation failed
[   70.151268][ T5019] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #15: comm syz.0.477: corrupted inode contents
[   70.168396][ T5019] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #15: comm syz.0.477: mark_inode_dirty error
[   70.188542][ T5019] EXT4-fs error (device loop0): ext4_do_update_inode:5632: inode #15: comm syz.0.477: corrupted inode contents
[   70.200329][ T3710] Bluetooth: hci0: Opcode 0x1003 failed: -110
[   70.209310][ T5019] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2996: inode #15: comm syz.0.477: mark_inode_dirty error
[   70.228283][ T5019] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2999: inode #15: comm syz.0.477: mark inode dirty (error -117)
[   70.242321][ T5026] net_ratelimit: 14 callbacks suppressed
[   70.242332][ T5026] netlink: zone id is out of range
[   70.253092][ T5026] netlink: zone id is out of range
[   70.278508][ T5026] netlink: zone id is out of range
[   70.283785][ T5019] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -117)
[   70.294585][ T5026] netlink: zone id is out of range
[   70.298644][ T5019] EXT4-fs (loop0): 1 orphan inode deleted
[   70.299755][ T5026] netlink: zone id is out of range
[   70.309416][ T5019] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   70.318104][ T5026] netlink: set zone limit has 8 unknown bytes
[   70.375069][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.431541][ T5040] loop0: detected capacity change from 0 to 512
[   70.440581][ T5040] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[   70.449478][ T5040] EXT4-fs (loop0): invalid journal inode
[   70.455375][ T5040] EXT4-fs (loop0): can't get journal size
[   70.460480][ T5036] lo: entered allmulticast mode
[   70.463608][ T5040] EXT4-fs (loop0): 1 truncate cleaned up
[   70.472168][ T5040] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.485489][ T5036] tunl0: entered allmulticast mode
[   70.491228][ T5036] gre0: entered allmulticast mode
[   70.497588][ T5036] gretap0: entered allmulticast mode
[   70.503945][ T5036] erspan0: entered allmulticast mode
[   70.510092][ T5036] ip_vti0: entered allmulticast mode
[   70.516053][ T5036] ip6_vti0: entered allmulticast mode
[   70.523486][ T5045] loop3: detected capacity change from 0 to 128
[   70.529137][ T5036] sit0: entered allmulticast mode
[   70.537561][ T5036] ip6tnl0: entered allmulticast mode
[   70.540183][ T5045] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   70.544588][ T5036] ip6gre0: entered allmulticast mode
[   70.561422][ T5045] ext4 filesystem being mounted at /107/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[   70.565126][ T5036] ip6gretap0: entered allmulticast mode
[   70.612056][ T5036] bridge0: entered allmulticast mode
[   70.619351][ T5036] vcan0: entered allmulticast mode
[   70.625100][ T5036] bond0: entered allmulticast mode
[   70.630261][ T5036] bond_slave_0: entered allmulticast mode
[   70.636289][ T5036] bond_slave_1: entered allmulticast mode
[   70.643431][ T5036] 8021q: adding VLAN 0 to HW filter on device bond0
[   70.643489][ T3315] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   70.650800][ T5036] team0: entered allmulticast mode
[   70.664355][ T5036] team_slave_0: entered allmulticast mode
[   70.670242][ T5036] team_slave_1: entered allmulticast mode
[   70.677842][ T5036] 8021q: adding VLAN 0 to HW filter on device team0
[   70.685603][ T5036] nlmon0: entered allmulticast mode
[   70.697159][ T5036] A link change request failed with some changes committed already. Interface 
60ªX¹¦À may have been left with an inconsistent configuration, please check.
[   70.738178][ T5059] netlink: zone id is out of range
[   70.743328][ T5059] netlink: zone id is out of range
[   70.748994][ T5059] netlink: zone id is out of range
[   70.801920][ T5047] pim6reg: entered allmulticast mode
[   70.807282][ T5050] pim6reg: left allmulticast mode
[   70.945811][ T5065] loop1: detected capacity change from 0 to 512
[   70.952212][   T29] kauditd_printk_skb: 145 callbacks suppressed
[   70.952226][   T29] audit: type=1400 audit(1761195084.507:14129): avc:  denied  { create } for  pid=5056 comm="syz.3.488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   70.979000][   T29] audit: type=1400 audit(1761195084.507:14130): avc:  denied  { write } for  pid=5056 comm="syz.3.488" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   71.107577][ T5065] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   71.160859][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.327161][   T29] audit: type=1400 audit(1761195084.657:14131): avc:  denied  { mounton } for  pid=5064 comm="syz.1.492" path="/103/file2" dev="tmpfs" ino=593 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   71.349756][   T29] audit: type=1400 audit(1761195084.787:14132): avc:  denied  { name_bind } for  pid=5067 comm="syz.2.493" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   71.371395][   T29] audit: type=1400 audit(1761195084.787:14133): avc:  denied  { node_bind } for  pid=5067 comm="syz.2.493" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[   71.392108][   T29] audit: type=1400 audit(1761195084.797:14134): avc:  denied  { wake_alarm } for  pid=5067 comm="syz.2.493" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[   71.413492][   T29] audit: type=1400 audit(1761195084.827:14135): avc:  denied  { read write } for  pid=5064 comm="syz.1.492" name="file2" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   71.436380][   T29] audit: type=1400 audit(1761195084.827:14136): avc:  denied  { open } for  pid=5064 comm="syz.1.492" path="/103/file2/file2" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[   71.459446][   T29] audit: type=1400 audit(1761195084.847:14137): avc:  denied  { create } for  pid=5067 comm="syz.2.493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   71.478979][   T29] audit: type=1400 audit(1761195084.947:14138): avc:  denied  { allowed } for  pid=5067 comm="syz.2.493" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[   71.507178][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   71.799735][ T5083] loop4: detected capacity change from 0 to 32768
[   71.819901][ T5083]  loop4: p1 p2 p3 < > p4 < p5 p6 >
[   71.826701][ T5083] loop4: p1 start 460800 is beyond EOD, truncated
[   71.833237][ T5083] loop4: p2 size 83886080 extends beyond EOD, truncated
[   71.843489][ T5083] loop4: p5 start 460800 is beyond EOD, truncated
[   71.849943][ T5083] loop4: p6 size 83886080 extends beyond EOD, truncated
[   72.172350][ T5100] loop3: detected capacity change from 0 to 4096
[   72.264756][ T5102] loop4: detected capacity change from 0 to 512
[   72.360120][ T5102] EXT4-fs error (device loop4): ext4_orphan_get:1392: inode #15: comm syz.4.505: inode has both inline data and extents flags
[   72.475252][ T5102] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.505: couldn't read orphan inode 15 (err -117)
[   72.500104][ T5108] netlink: 'syz.3.504': attribute type 6 has an invalid length.
[   72.581650][ T5102] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   72.721834][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   72.863388][ T5112] loop4: detected capacity change from 0 to 4096
[   72.984800][ T5125] __nla_validate_parse: 9 callbacks suppressed
[   72.984814][ T5125] netlink: 32 bytes leftover after parsing attributes in process `syz.1.510'.
[   73.062650][ T5127] netlink: 'syz.4.506': attribute type 6 has an invalid length.
[   73.377211][ T5124] loop3: detected capacity change from 0 to 32768
[   73.448939][ T5124]  loop3: p1 p2 p3 < > p4 < p5 p6 >
[   73.454276][ T5124] loop3: p1 start 460800 is beyond EOD, truncated
[   73.460773][ T5124] loop3: p2 size 83886080 extends beyond EOD, truncated
[   73.496349][ T5124] loop3: p5 start 460800 is beyond EOD, truncated
[   73.502808][ T5124] loop3: p6 size 83886080 extends beyond EOD, truncated
[   73.557558][ T5131] loop4: detected capacity change from 0 to 1024
[   73.579977][ T5131] EXT4-fs: Ignoring removed orlov option
[   73.602784][ T5131] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.637302][ T5134] loop0: detected capacity change from 0 to 1024
[   73.658966][ T5134] EXT4-fs: Ignoring removed orlov option
[   73.674853][ T5134] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   73.735377][ T5144] netlink: 83992 bytes leftover after parsing attributes in process `syz.2.517'.
[   73.809392][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.886705][ T5155] loop1: detected capacity change from 0 to 164
[   73.894249][ T5155] Unable to read rock-ridge attributes
[   73.900623][ T5155] Unable to read rock-ridge attributes
[   73.920980][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.966544][ T5161] SELinux:  Context system_u:object_r:udev_var_run_t:s0 is not valid (left unmapped).
[   73.981859][ T5163] 8021q: adding VLAN 0 to HW filter on device bond1
[   73.990919][ T5163] bond0: (slave bond1): Enslaving as an active interface with an up link
[   74.008676][ T5169] loop2: detected capacity change from 0 to 512
[   74.029125][ T5173] FAULT_INJECTION: forcing a failure.
[   74.029125][ T5173] name failslab, interval 1, probability 0, space 0, times 0
[   74.037473][ T5169] EXT4-fs (loop2): orphan cleanup on readonly fs
[   74.041925][ T5173] CPU: 1 UID: 0 PID: 5173 Comm: syz.0.525 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   74.041956][ T5173] Tainted: [W]=WARN
[   74.041962][ T5173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   74.041974][ T5173] Call Trace:
[   74.041980][ T5173]  <TASK>
[   74.041986][ T5173]  __dump_stack+0x1d/0x30
[   74.042023][ T5173]  dump_stack_lvl+0xe8/0x140
[   74.042042][ T5173]  dump_stack+0x15/0x1b
[   74.042058][ T5173]  should_fail_ex+0x265/0x280
[   74.042088][ T5173]  should_failslab+0x8c/0xb0
[   74.042209][ T5173]  kmem_cache_alloc_noprof+0x50/0x480
[   74.042235][ T5173]  ? audit_log_start+0x342/0x720
[   74.042256][ T5173]  audit_log_start+0x342/0x720
[   74.042275][ T5173]  ? kstrtouint+0x76/0xc0
[   74.042368][ T5173]  audit_seccomp+0x48/0x100
[   74.042393][ T5173]  ? __seccomp_filter+0x82d/0x1250
[   74.042417][ T5173]  __seccomp_filter+0x83e/0x1250
[   74.042513][ T5173]  ? __pfx_proc_fail_nth_write+0x10/0x10
[   74.042670][ T5173]  ? vfs_write+0x7e8/0x960
[   74.042692][ T5173]  ? __rcu_read_unlock+0x4f/0x70
[   74.042715][ T5173]  ? __fget_files+0x184/0x1c0
[   74.042741][ T5173]  __secure_computing+0x82/0x150
[   74.042823][ T5173]  syscall_trace_enter+0xcf/0x1e0
[   74.042848][ T5173]  do_syscall_64+0xac/0x200
[   74.042865][ T5173]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   74.042920][ T5173]  ? irqentry_exit_to_user_mode+0x7b/0xa0
[   74.042947][ T5173]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   74.042966][ T5173] RIP: 0033:0x7fbf637defc9
[   74.042981][ T5173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   74.043018][ T5173] RSP: 002b:00007fbf6223f038 EFLAGS: 00000246 ORIG_RAX: 000000000000014c
[   74.043037][ T5173] RAX: ffffffffffffffda RBX: 00007fbf63a35fa0 RCX: 00007fbf637defc9
[   74.043049][ T5173] RDX: 0000000000001000 RSI: 0000000000000000 RDI: ffffffffffffff9c
[   74.043136][ T5173] RBP: 00007fbf6223f090 R08: 0000200000000080 R09: 0000000000000000
[   74.043147][ T5173] R10: f0cb2f4a0c2cfc5d R11: 0000000000000246 R12: 0000000000000001
[   74.043192][ T5173] R13: 00007fbf63a36038 R14: 00007fbf63a35fa0 R15: 00007ffffefd4758
[   74.043209][ T5173]  </TASK>
[   74.128273][ T5180] loop0: detected capacity change from 0 to 1024
[   74.136170][ T5169] EXT4-fs warning (device loop2): ext4_xattr_inode_get:560: inode #11: comm syz.2.524: EA inode hash validation failed
[   74.144975][ T5180] EXT4-fs: Ignoring removed orlov option
[   74.145858][ T5169] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #15: comm syz.2.524: corrupted inode contents
[   74.153986][ T5180] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.155698][ T5169] EXT4-fs error (device loop2): ext4_dirty_inode:6517: inode #15: comm syz.2.524: mark_inode_dirty error
[   74.322794][ T5169] EXT4-fs error (device loop2): ext4_do_update_inode:5632: inode #15: comm syz.2.524: corrupted inode contents
[   74.334964][ T5169] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2996: inode #15: comm syz.2.524: mark_inode_dirty error
[   74.346974][ T5169] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2999: inode #15: comm syz.2.524: mark inode dirty (error -117)
[   74.348662][ T3313] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.360078][ T5169] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117)
[   74.377907][ T5169] EXT4-fs (loop2): 1 orphan inode deleted
[   74.384524][ T5169] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[   74.417950][ T3320] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.473782][ T5188] loop2: detected capacity change from 0 to 4096
[   74.540479][ T5186] netlink: 4 bytes leftover after parsing attributes in process `syz.3.531'.
[   74.558866][ T5186] netlink: 32 bytes leftover after parsing attributes in process `syz.3.531'.
[   74.623028][ T5193] netlink: 'syz.2.532': attribute type 6 has an invalid length.
[   74.719531][ T5199] loop3: detected capacity change from 0 to 1024
[   74.726859][ T5199] EXT4-fs: Ignoring removed orlov option
[   74.732570][ T5199] EXT4-fs: Ignoring removed nomblk_io_submit option
[   74.753505][ T5201] loop4: detected capacity change from 0 to 1024
[   74.761219][ T5201] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   74.773690][ T5199] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.788612][ T5201] EXT4-fs (loop4): revision level too high, forcing read-only mode
[   74.796722][ T5201] EXT4-fs (loop4): orphan cleanup on readonly fs
[   74.818522][ T5201] EXT4-fs error (device loop4): ext4_free_blocks:6706: comm syz.4.535: Freeing blocks not in datazone - block = 0, count = 4096
[   74.832025][ T5201] EXT4-fs (loop4): 1 orphan inode deleted
[   74.838001][ T5201] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   74.860496][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   74.932938][ T5209] syzkaller0: entered promiscuous mode
[   74.938469][ T5209] syzkaller0: entered allmulticast mode
[   74.947242][ T5212] bridge0: port 3(gretap0) entered blocking state
[   74.953883][ T5212] bridge0: port 3(gretap0) entered disabled state
[   74.964057][ T5212] gretap0: entered allmulticast mode
[   74.969868][ T5212] gretap0: entered promiscuous mode
[   74.975414][ T5212] bridge0: port 3(gretap0) entered blocking state
[   74.981891][ T5212] bridge0: port 3(gretap0) entered forwarding state
[   75.017780][ T5216] loop1: detected capacity change from 0 to 1024
[   75.044924][ T5218] loop2: detected capacity change from 0 to 4096
[   75.051569][ T5216] EXT4-fs: Ignoring removed orlov option
[   75.062569][ T5216] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.092569][ T5223] loop4: detected capacity change from 0 to 1024
[   75.143423][ T5223] EXT4-fs: Ignoring removed orlov option
[   75.149118][ T5223] EXT4-fs: Ignoring removed nomblk_io_submit option
[   75.162690][ T5225] loop0: detected capacity change from 0 to 4096
[   75.199632][ T5223] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.255072][ T5230] netlink: 'syz.2.541': attribute type 6 has an invalid length.
[   75.296235][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   75.365267][ T5234] netlink: 'syz.0.544': attribute type 6 has an invalid length.
[   75.399741][ T5239] netlink: 14 bytes leftover after parsing attributes in process `syz.1.546'.
[   75.431020][ T5241] loop1: detected capacity change from 0 to 1024
[   75.468846][ T5241] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[   75.480479][ T5241] EXT4-fs (loop1): revision level too high, forcing read-only mode
[   75.488630][ T5241] EXT4-fs (loop1): orphan cleanup on readonly fs
[   75.502412][    T9] hid_parser_main: 5 callbacks suppressed
[   75.502426][    T9] hid-generic 0000:3000000:0000.000A: unknown main item tag 0x4
[   75.515920][    T9] hid-generic 0000:3000000:0000.000A: unknown main item tag 0x2
[   75.523814][    T9] hid-generic 0000:3000000:0000.000A: unknown main item tag 0x3
[   75.532270][    T9] hid-generic 0000:3000000:0000.000A: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[   75.544594][ T5244] 9pnet_fd: Insufficient options for proto=fd
[   75.605820][ T5246] loop2: detected capacity change from 0 to 8192
[   75.616695][ T5241] EXT4-fs error (device loop1): ext4_free_blocks:6706: comm syz.1.547: Freeing blocks not in datazone - block = 0, count = 4096
[   75.687911][ T5241] EXT4-fs (loop1): 1 orphan inode deleted
[   75.717177][ T3315] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[   75.728094][ T3315] CPU: 1 UID: 0 PID: 3315 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   75.728148][ T3315] Tainted: [W]=WARN
[   75.728155][ T3315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   75.728167][ T3315] Call Trace:
[   75.728173][ T3315]  <TASK>
[   75.728180][ T3315]  __dump_stack+0x1d/0x30
[   75.728266][ T3315]  dump_stack_lvl+0xe8/0x140
[   75.728286][ T3315]  dump_stack+0x15/0x1b
[   75.728302][ T3315]  dump_header+0x81/0x220
[   75.728388][ T3315]  oom_kill_process+0x342/0x400
[   75.728412][ T3315]  out_of_memory+0x979/0xb80
[   75.728435][ T3315]  try_charge_memcg+0x610/0xa10
[   75.728492][ T3315]  charge_memcg+0x51/0xc0
[   75.728510][ T3315]  __mem_cgroup_charge+0x28/0xb0
[   75.728552][ T3315]  filemap_add_folio+0x111/0x360
[   75.728581][ T3315]  __filemap_get_folio+0x31e/0x650
[   75.728612][ T3315]  filemap_fault+0x447/0xb60
[   75.728633][ T3315]  __do_fault+0xbc/0x200
[   75.728734][ T3315]  handle_mm_fault+0xf78/0x2be0
[   75.728809][ T3315]  ? vma_start_read+0x141/0x1f0
[   75.728837][ T3315]  do_user_addr_fault+0x630/0x1080
[   75.728860][ T3315]  ? arch_exit_to_user_mode_prepare+0x27/0x80
[   75.728886][ T3315]  exc_page_fault+0x62/0xa0
[   75.728983][ T3315]  asm_exc_page_fault+0x26/0x30
[   75.729000][ T3315] RIP: 0033:0x7f7aacd35ed4
[   75.729015][ T3315] Code: 85 ed 09 00 00 48 b8 db 34 b6 d7 82 de 1b 43 48 f7 a4 24 98 00 00 00 48 8b 05 c8 f8 ea 00 48 69 8c 24 90 00 00 00 e8 03 00 00 <8b> 78 08 48 8b 44 24 18 48 c1 ea 12 4c 8b 0d d9 f7 ea 00 48 01 d1
[   75.729032][ T3315] RSP: 002b:00007ffd0040d5b0 EFLAGS: 00010202
[   75.729048][ T3315] RAX: 0000001b33b24000 RBX: 0000000000000140 RCX: 00000000000124f8
[   75.729061][ T3315] RDX: 000000000aa132d8 RSI: 00007ffd0040d640 RDI: 0000000000000001
[   75.729089][ T3315] RBP: 00007ffd0040d5ec R08: 00000000288c8c86 R09: 7fffffffffffffff
[   75.729103][ T3315] R10: 3fffffffffffffff R11: 0000000000000202 R12: 0000000000001388
[   75.729120][ T3315] R13: 00000000000927c0 R14: 0000000000012477 R15: 00007ffd0040d640
[   75.729134][ T3315]  </TASK>
[   75.922984][ T3315] memory: usage 307200kB, limit 307200kB, failcnt 882
[   75.929873][ T3315] memory+swap: usage 308092kB, limit 9007199254740988kB, failcnt 0
[   75.937746][ T3315] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0
[   75.945170][ T3315] Memory cgroup stats for /syz3:
[   75.945652][ T5241] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   75.965478][ T3315] cache 8192
[   75.968729][ T3315] rss 4096
[   75.971887][ T3315] shmem 0
[   75.974988][ T3315] mapped_file 0
[   75.978480][ T3315] dirty 0
[   75.981403][ T3315] writeback 4096
[   75.985010][ T3315] workingset_refault_anon 3004
[   75.989907][ T3315] workingset_refault_file 1632
[   75.994652][ T3315] swap 913408
[   75.997922][ T3315] swapcached 8192
[   76.001584][ T3315] pgpgin 72508
[   76.004942][ T3315] pgpgout 72500
[   76.008400][ T3315] pgfault 82003
[   76.011917][ T3315] pgmajfault 432
[   76.015440][ T3315] inactive_anon 4096
[   76.019376][ T3315] active_anon 4096
[   76.023079][ T3315] inactive_file 0
[   76.026699][ T3315] active_file 24576
[   76.030528][ T3315] unevictable 0
[   76.034027][ T3315] hierarchical_memory_limit 314572800
[   76.039578][ T3315] hierarchical_memsw_limit 9223372036854771712
[   76.045723][ T3315] total_cache 8192
[   76.049437][ T3315] total_rss 4096
[   76.053026][ T3315] total_shmem 0
[   76.056475][ T3315] total_mapped_file 0
[   76.060452][ T3315] total_dirty 0
[   76.063902][ T3315] total_writeback 4096
[   76.068059][ T3315] total_workingset_refault_anon 3004
[   76.073348][ T3315] total_workingset_refault_file 1632
[   76.078631][ T3315] total_swap 913408
[   76.082423][ T3315] total_swapcached 8192
[   76.086558][ T3315] total_pgpgin 72508
[   76.090509][ T3315] total_pgpgout 72500
[   76.094478][ T3315] total_pgfault 82003
[   76.098521][ T3315] total_pgmajfault 432
[   76.102566][ T3315] total_inactive_anon 4096
[   76.106961][ T3315] total_active_anon 4096
[   76.111208][ T3315] total_inactive_file 0
[   76.115348][ T3315] total_active_file 24576
[   76.119837][ T3315] total_unevictable 0
[   76.123852][ T3315] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.534,pid=5198,uid=0
[   76.138493][ T3315] Memory cgroup out of memory: Killed process 5198 (syz.3.534) total-vm:96004kB, anon-rss:1264kB, file-rss:22436kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[   76.155798][ T3324] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.188525][   T29] kauditd_printk_skb: 619 callbacks suppressed
[   76.188536][   T29] audit: type=1400 audit(1761195089.817:14756): avc:  denied  { create } for  pid=5253 comm="syz.1.552" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   76.234058][   T29] audit: type=1400 audit(1761195089.847:14757): avc:  denied  { setopt } for  pid=5253 comm="syz.1.552" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   76.253563][   T29] audit: type=1326 audit(1761195089.847:14758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5253 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f176862efc9 code=0x7ffc0000
[   76.277019][   T29] audit: type=1326 audit(1761195089.847:14759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5253 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f176862efc9 code=0x7ffc0000
[   76.300458][   T29] audit: type=1326 audit(1761195089.847:14760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5253 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7f176862efc9 code=0x7ffc0000
[   76.323968][   T29] audit: type=1326 audit(1761195089.847:14761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5253 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f176862efc9 code=0x7ffc0000
[   76.347341][   T29] audit: type=1326 audit(1761195089.847:14762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5253 comm="syz.1.552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f176862efc9 code=0x7ffc0000
[   76.371556][ T5256] netlink: 'syz.1.553': attribute type 10 has an invalid length.
[   76.400710][ T3318] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.432392][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   76.476736][ T5266] netlink: 14 bytes leftover after parsing attributes in process `syz.4.558'.
[   76.513363][ T5268] loop3: detected capacity change from 0 to 1024
[   76.531487][ T5268] EXT4-fs: Ignoring removed orlov option
[   76.551882][ T5268] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   76.621589][ T5279] netlink: 32 bytes leftover after parsing attributes in process `syz.4.562'.
[   76.657418][ T5268] ==================================================================
[   76.665506][ T5268] BUG: KCSAN: data-race in xas_clear_mark / xas_find_marked
[   76.672784][ T5268] 
[   76.675096][ T5268] read-write to 0xffff88810761b6c0 of 8 bytes by task 5280 on cpu 0:
[   76.683140][ T5268]  xas_clear_mark+0x91/0x180
[   76.687721][ T5268]  __folio_start_writeback+0x24a/0x390
[   76.693182][ T5268]  ext4_bio_write_folio+0x5ad/0x9f0
[   76.698373][ T5268]  mpage_process_page_bufs+0x4a1/0x620
[   76.703822][ T5268]  mpage_prepare_extent_to_map+0x786/0xc00
[   76.709615][ T5268]  ext4_do_writepages+0x708/0x2750
[   76.714709][ T5268]  ext4_writepages+0x176/0x300
[   76.719457][ T5268]  do_writepages+0x1c6/0x310
[   76.724031][ T5268]  filemap_write_and_wait_range+0x144/0x340
[   76.729912][ T5268]  kiocb_write_and_wait+0x7a/0x110
[   76.735015][ T5268]  __iomap_dio_rw+0x52c/0x1240
[   76.739773][ T5268]  iomap_dio_rw+0x40/0x90
[   76.744087][ T5268]  ext4_file_read_iter+0x20f/0x290
[   76.749181][ T5268]  copy_splice_read+0x442/0x660
[   76.754018][ T5268]  splice_direct_to_actor+0x290/0x680
[   76.759375][ T5268]  do_splice_direct+0xda/0x150
[   76.764122][ T5268]  do_sendfile+0x380/0x650
[   76.768528][ T5268]  __x64_sys_sendfile64+0x105/0x150
[   76.773716][ T5268]  x64_sys_call+0x2bb4/0x3000
[   76.778384][ T5268]  do_syscall_64+0xd2/0x200
[   76.782867][ T5268]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.788743][ T5268] 
[   76.791061][ T5268] read to 0xffff88810761b6c0 of 8 bytes by task 5268 on cpu 1:
[   76.798582][ T5268]  xas_find_marked+0x218/0x620
[   76.803328][ T5268]  find_get_entry+0x5d/0x380
[   76.807908][ T5268]  filemap_get_folios_tag+0x13b/0x210
[   76.813356][ T5268]  mpage_prepare_extent_to_map+0x320/0xc00
[   76.819148][ T5268]  ext4_do_writepages+0x708/0x2750
[   76.824242][ T5268]  ext4_writepages+0x176/0x300
[   76.828990][ T5268]  do_writepages+0x1c6/0x310
[   76.833565][ T5268]  file_write_and_wait_range+0x156/0x2c0
[   76.839189][ T5268]  generic_buffers_fsync_noflush+0x45/0x120
[   76.845068][ T5268]  ext4_sync_file+0x1ab/0x690
[   76.849728][ T5268]  vfs_fsync_range+0x10d/0x130
[   76.854482][ T5268]  ext4_buffered_write_iter+0x34f/0x3c0
[   76.860013][ T5268]  ext4_file_write_iter+0x387/0xf60
[   76.865195][ T5268]  do_iter_readv_writev+0x4a1/0x540
[   76.870380][ T5268]  vfs_writev+0x2df/0x8b0
[   76.874699][ T5268]  __se_sys_pwritev2+0xfc/0x1c0
[   76.879539][ T5268]  __x64_sys_pwritev2+0x67/0x80
[   76.884382][ T5268]  x64_sys_call+0x2c59/0x3000
[   76.889043][ T5268]  do_syscall_64+0xd2/0x200
[   76.893526][ T5268]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.899400][ T5268] 
[   76.901705][ T5268] value changed: 0xfffffffffffffe00 -> 0xffffffffffffc000
[   76.908787][ T5268] 
[   76.911093][ T5268] Reported by Kernel Concurrency Sanitizer on:
[   76.917224][ T5268] CPU: 1 UID: 0 PID: 5268 Comm: syz.3.556 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[   76.928404][ T5268] Tainted: [W]=WARN
[   76.932188][ T5268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   76.942224][ T5268] ==================================================================
[   77.059689][ T3315] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   78.582294][   T29] audit: type=1400 audit(1761195092.207:14763): avc:  denied  { unmount } for  pid=3320 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1