last executing test programs:

2.615312172s ago: executing program 4 (id=4395):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1802, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
rename(&(0x7f0000000180)='./file1\x00', 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a0000000000008500"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0xfffffffffffffffd}, 0x18)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file2\x00', 0x2200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0xd, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4, 0x0, 0xfffffffffffffffc}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffe}, 0x18)
r5 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r5, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000001f80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0xfd, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x4008084)
setxattr$trusted_overlay_opaque(&(0x7f0000000080)='\x00', &(0x7f00000000c0), 0x0, 0x0, 0x3)

2.265684374s ago: executing program 0 (id=4397):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
r3 = socket$kcm(0x2, 0x5, 0x0)
sendmsg$inet(r3, 0x0, 0x3e8)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000600)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x40, 0x0, r4, 0x0, &(0x7f0000000000)="bd", 0xfffffffffffffe28, 0x100, 0x1})
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0x4004550d, 0x0)

2.160667374s ago: executing program 0 (id=4399):
socket$inet6_udp(0xa, 0x2, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c200000effffffffffff0806003686dd0610000aaaaaaaaaaa3afe8000000000000000000000000000bba43685449790fe8000000000000000000000000000aa"], 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYRESOCT], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x844)
r1 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x56, 0x0, 0x0, 0x0, 0x0, 0x8, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x1, @perf_config_ext={0x4, 0xaea}, 0x10005, 0x3, 0xfffffbff, 0x3, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f00000001c0)='cpu<-0\t\t\t')
prctl$PR_SET_NAME(0xf, &(0x7f0000000980)='\xff\x00\x00\x00\x00\x00\x000`\x14\x99\x06\xc0\x7fs\x00\t\x14\x17\xc3\xf5\xc9\v\x85\xe7\x00\x00\x18\x88\x06\x94\x98\xa9\xe7\x1c\x8a\x89\xdc\xcc\xf7L\xbd%\xc3!\x0e\x91S\xb2~8\"\xe2\xed\xbf\x12\x1a\\6p\'p\xef\x1a\n\x99\x12\xe8\'\x1c\x97M\xa5N\xd9\xbeV&\x1c2K?\x95\xd9\"\xbe\x050+\xca\xea\'\xe9)\xfe\xeb\x9c\xb5\xa0F`\xe4D\x10F\x831\xec\\v\xf0\xab_M\b\x03\xc3\n\x89\x01E`\xd35Q2\xecZz\xdc\x065p\x1c\x8f\x9b\x99IGXO\x00\x00\v\xed\xb0\xc5\xd4\xc7,\x1a\xb3}CMOO\x8a\xa8kh\x7f\x05c\xfc\xebb\xc8\xa2\xa9\xbf\xb3\x9b\xafE\xbd\xc5\xdc\xde\xbe_')
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d000000180100002020732600000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000a40)='kfree\x00', r2, 0x0, 0x2}, 0x18)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x1, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000a000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r4, &(0x7f0000000140)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x9}}, 0x10)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000000)=0x20, 0x4)
setsockopt$sock_attach_bpf(r4, 0x1, 0x34, &(0x7f00000000c0)=r3, 0x4)
listen(r4, 0x0)
close(r4)
r5 = socket$packet(0x11, 0x2, 0x300)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0e000000040000000400"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
setsockopt$sock_attach_bpf(r5, 0x1, 0x32, &(0x7f0000000180)=r7, 0x4)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000b40)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097560b91da309b887af2485c2d9ab09b523000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e750339643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2dfae60ab958e9f3ef9b4aaa4e8d6166f636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d2986334c2576bef69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff10dc82b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a409315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a143673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c595426ae40d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fe347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbdd3f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed12a305366599f5f029a7b24558c027518c669760500002f1c19d16a6f391906000000cc0bbbfb8c698ecc137d96711100e0108d3bd2afed0b279ebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc784c9f940d9fb0464a6cce635e14b80dc5c1c64e75e6bd5355d84f8df272f18f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de1b3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f9f8ad16eeb8342278f311cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706b584d8408c9652b3fe68500747f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2ccb600ae7a4b128cae19df160e7c207b89132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af911dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2befd1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bc5348229fa84ae78af8421a22c4b4c17a3d24a4a0104000000000000d77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2c2b5c976dacf3dda7191c757f208000000000000005f7ed983f65723fbb36b9b51abb0dbcd335700000000000000000000000000000086666201251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a58275dbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193a05008cdef7a98a1671a1918df310dc4bfd61c3db4819ab1c57b348a8ff1ed36364a20fe846f1cd086058d139ce528425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb2514a6ae50dbdd422de0f0f8c670000000000390be79688f80c47314cb1b14afcaa5d23f9032e0ec51f45f447d6a7c798fcf7e60e2180e289410801e4f03a0e140f388f25b92da1025d8409e171a2336ed71cca86eb4658fe06df286e0e20276b0618eeffd05774f15686cd9d3182ca2fec863875f305fed6baf48a594db12582a38cfdffffffffffffff0cf8d920517835fe7d09cfcb624f6931f1cc6f6b71f58de9ddc38e0c43992f6bc57a718d0cfd197b5324b4e05ef1caa96db3ae1f2f2e5791faba2ebbe1a6faf21f2748fb1fb6743c3ca8af4e6b02518c9b7fdc1b5721eb1c3ed98db25536f74ac7861afc94544e52dcb5c60460a05802e3b437ac977bfa26b887a2443e8d559c58187f004eb82b07937df6e96f77ed551926bec4e0188fae10a35d1c5f1768ac6be829bea46f1babc3d74adc31ca71bdab9079e4288881b434484eadde9da6b81802842abd462d546c59d87acc014f81d3414759bda12d2a2c6bc1bfa807bd3101eb227184a61107b6d0618e2a3b842671e084ac3f0ff94dc48b51601247318ab4d1c5106458000000000008000000000000cfee0107e6c2fe8639d926829fdbbd86bf591a8c3c235d8939af9d923f648165881a6c29997234406400b3b1c321cc158dbe17123eace30000000000009ea77cb4d3ca892600000000796de6ae4ae40bdf9a6e8c5dc29562262af9cd54e8e3ecc7e3c8cba0ecc791683496c4e5c1a5729714d9f9031f49b400cd2667b4ea6df54809615a4f973f93e6ccec72f16ff998e29ed99df733680a9d5cea57f99cc139b6ea9014f3000000000000000000000000000000000000feeab45a4046a622b0dceb413e4e39b7317e92cbed46b41ab5115bfb542c933783d750852dfdc6656aaf15e10615a88821f2f1bc53969b52d6852755e7681ad5beda80b38ccd34116b99f50b4fdd967b3f20f260455412b67563e40e323bde9d673fceda0ad6981565c8a183d928903b4f4472dde41b6dcd75314c31e704dfcb222c8359fe88944f852242270c932abfaeece0843d708f5cd25b2a63ae1e79723c1c3c013836b47da0a35d0f34c070000000000000422ae2c148d444dd437a7d2f5e575009bc2d17a199802409329dae8baa58d3de63ad45328a9d4dc1ace543dfe11913c6c6413f8f7a15657d012fea460bb4656a20df1ba26932b0ef49f8ea88d7b4c1289314ba789661640f1b5d7cbae103fa95b0035f1e8e866307d4796eab0992704f9e00be4b1af8dfa9e94ad74e607ea9d7d7a95ed5a15429426abbed8d2c657018305c6f9e5159a5453f958991a908ff4cb2e8cbccb1d3c8daf754e4b01b2edd023e5bfdf293bd28fc1f8885f6edd5a715df4d180247feb08e9e2e5126c48be6098e711f0d86de5d76fdccae34eef9197c32ab4e6fcb52eb9ce18fdb621a75913a97254d783778203ec0bd1a8859683e1d01da4e81fb73bb3b358340a0310bf5ae17b917208da607fd7b125cf99fd3e9056f5184df7570ede94b736ae354b5b8ae2cc473b455f2f86d47c69027676bf1141f316b0f278f1692406572ee82766f8e5ff1cfec2a7a6cab7d0f2582a877c9bd4ca81089373f738d02e6bb4d3df30ac0f041e51ad36e1ff140812baf54b80635cc80963c8f69fa4506f7a30c99d3e538cc0aeafcad86ead38ed949aa3c204aea50e5e0039f01b82595b7dc921a8acc1f76340f060cc9a3acad3451c17dc9b5ca5d10a0cb1708592d1900a046f33761d50895febd9fd58cb132989766cf7c252daac259576ec218e3857e6fa97fe445d1fab51d87302a4bb28a4cfe462ee4849cc6832650188ca187d85509d8beccf9d9cf752368985804195b9fd2faf1aff8248f3981bd55cbbf514cd8365fee72cc7af053e5388ceadadb967ef735181df6a90cab13f58f6d563c9ab4ad37297aecffd8446cb2b14ec36a99af8393e3760d5970ba1debdcbccd54012c559ee2797ff962328aa6a252c0756e396ce4d52937546675203bdf1d6b120acac576523f8b1daa922188bf61536312f90dba92fb380c3c6fb5f9883a2c4dd99a1bac9b7cb25ff2ef9bd58ff97ddfdd2d4bcc371ee82245b57cd91a7fa3479cd339f54a5c422b753cd42d441ea881d46e419312db1f0cccce"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0xff9d}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r8, 0x20e, 0xe40, 0xfd000004, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff310000003c0020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7473be0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x4c00000000000000)
socket$nl_netfilter(0x10, 0x3, 0xc)

2.133830606s ago: executing program 3 (id=4401):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='net/udplite6\x00')
close_range(r2, 0xffffffffffffffff, 0x0)

1.919432246s ago: executing program 3 (id=4403):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000), 0x8)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x17, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x64f022bf, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x7a37, 0x2, 0x0, 0x2fd}, &(0x7f0000000280)=<r3=>0x0, &(0x7f0000000300)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r2, 0x0, &(0x7f0000000040)='./file0\x00', 0x64, 0x183000, 0x12345})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x442802)
io_uring_enter(r2, 0x47f6, 0x34de, 0x18, 0x0, 0x0)

1.893256748s ago: executing program 3 (id=4404):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0x103440)
syz_usb_disconnect(r0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000340), 0x400080, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r1, 0x5201)
syz_usb_connect$cdc_ncm(0x3, 0xf3, &(0x7f0000000540)=ANY=[], 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000027"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
socket$pptp(0x18, 0x1, 0x2)
syz_open_dev$usbmon(&(0x7f0000000900), 0x7, 0x2a200)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000600)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x40000004, 0x0, 0x0, 0x1e00, 0x6f, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r4}, 0x18)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000280)={<r5=>0xffffffffffffffff})
r6 = syz_io_uring_setup(0x499, &(0x7f0000000f40)={0x0, 0xd144, 0x0, 0x40000000, 0x377, 0x0, r0}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000580)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r5, 0x0, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB='0'], 0x30}})
io_uring_enter(r6, 0x3516, 0xddd6, 0x4, 0x0, 0x0)
connect$inet(0xffffffffffffffff, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc165466072a660bbf56352083db9d40454a67f8010000004bd29585885c89773ca3ba28a1e85ffe2a9220e0ecd440e345b745bf2146835ad015c801f95be5b890e44fb3dfbe8e88a1e5176e584c970207f23b0073ca5375abddf56331be396eaa2398", 0x71, 0x52, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000001100000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
readahead(0xffffffffffffffff, 0x100, 0x9)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x2000081, &(0x7f0000000740)=ANY=[@ANYRES64=0x0, @ANYRES8, @ANYRES64, @ANYRES8, @ANYRESDEC, @ANYRES64], 0x2, 0x23e, &(0x7f0000000f00)="$eJzs3c9qE1EUB+AzSdqmukgWrkRwQBeuStsnSJEKYldKFupCi21BklCwEGgVQ1c+gU/ic7jxDXwAoTtdFEYmSZsWUm0wf0r9vk0uzP3NOTe5Iau5eX2n1dja3ds5/PA9yuUkCrWoJUcR1ShEbiEAgOvmV5bFUdYzWrJUmFRPAMBkXfL3f3GKLQEAE/bs+Ysnaxsb60/TtBzR+tSuJ9F77V1f24m30YztWI5KHEdkp3rjR4831qOU5qpxv9Vp1/Nk69XX/v3XfkR08ytRierw/Eracybfadfn4ka/fi3Pr0Ylbg3Prw7JR30+Htw70/9SVOLbm9iNZmxFnh3kP66k6cPs88/3L/OO83zSadcXuvMGsuLUPxwAAAAAAAAAAAAAAAAAAAAAAK6tpTRN0yz7kmVZ1jl3/k7xuHt9KT1RPX8+Ty9/0flAnTPn6yznJZLe/EG+FLdLUZrl2gEAAAAAAAAAAAAAAAAAAOCq2Ns/aGw2m9vvxjo4eax//Hf+10EU+601k4gr0E93sJj3M51ad2PEWrURS0Rh/6Bxsrsam0n8JVWe0CbJhmy/4oWp+TFVn7853lUkETF3+mb+aXIh5sb8TQEAAAAAAAAAAAAAAAAAAKZs8NDvkIuHM2gIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGZg8P//Iww6/fAlUzNeIgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP+B3wEAAP//bkR7Lg==")
close_range(0xffffffffffffffff, r4, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r9}, 0x10)
ioctl$EVIOCRMFF(r0, 0x41015500, &(0x7f0000000500)=0x81000000)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1.87038104s ago: executing program 2 (id=4407):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000080000000b"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x40f00, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1, 0x0, 0x5}, 0x18)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSSOFTCAR(r2, 0x5453, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffff05850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r3}, 0x10)
r4 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x8000)
connect$qrtr(0xffffffffffffffff, &(0x7f0000000200)={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0xc)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
r6 = perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x10, 0xe40b9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_bp={0x0, 0x1}, 0xa416, 0x32, 0x43a1bd56, 0x7, 0x9, 0x8f, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x5, 0x5, &(0x7f0000000180)=ANY=[@ANYBLOB="180800000000000000000000000000001800000000000000000000000000000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x48, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$PERF_EVENT_IOC_SET_BPF(r6, 0x40042408, r7)
sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=@newsa={0x138, 0x10, 0x1, 0x70bd2b, 0x0, {{@in6=@private1={0xfc, 0x1, '\x00', 0xfd}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0xecdf}, {@in6=@loopback, 0x4d5, 0x32}, @in6=@private1, {0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0x400004}, {}, 0x0, 0x0, 0x2, 0x4}, [@algo_crypt={0x48, 0x2, {{'cbc(aes)\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x10}, 0x4050)
r8 = syz_io_uring_setup(0x497, &(0x7f0000000300)={0x0, 0x5ef8, 0x80, 0x3, 0x285}, &(0x7f0000000380)=<r9=>0x0, &(0x7f00000003c0)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd, 0x0, 0x0})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x29, 0x1, 0x0, 0x0, 0x0, 0x4, 0x510, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x1, @perf_bp={0x0, 0x9}, 0x0, 0x10000, 0x0, 0x5, 0x8, 0x20005, 0x0, 0x0, 0x0, 0x0, 0x20000008}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioperm(0x5, 0xa, 0x100000000000)
io_uring_enter(r8, 0x3498, 0x969, 0xffff000000000000, 0x0, 0x0)
dup3(r8, r4, 0x80000)
r11 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
syz_usb_disconnect(r11)

1.794839707s ago: executing program 1 (id=4409):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = open(&(0x7f0000000140)='./file2\x00', 0x147842, 0x126)
preadv2(r1, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000010c0)=ANY=[@ANYRES64], 0x50)
socket(0x10, 0x803, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = syz_open_dev$loop(&(0x7f0000000000), 0x440000e, 0x183043)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000300), 0x8f, 0x0)
ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r2}, 0x18)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x3)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000400000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1f, 0xc, &(0x7f00000004c0)=ANY=[@ANYRES32=r1, @ANYRES64=r0, @ANYRES8=r1], &(0x7f0000000700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r6}, 0x10)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$tipc(r7, &(0x7f0000004440)={&(0x7f0000000ec0)=@id={0x1e, 0x3, 0x2, {0x4e21}}, 0x10, 0x0}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a03000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000180003801400020000007468305f746f5f68737200000000080002"], 0xe8}}, 0x0)
r9 = mq_open(&(0x7f0000000500)='\xb2\x9e\x8a\x81c\ab7\x86\xc6\xbeY.\xe7\x85\xf8Q\x8a\x8a\xd1?J\x8f\xdc\r\xbe\xb8\xf1:7\x05\a\x11\x7f\xc6\xea*\x12\x86g\xf4Z;i\xc0\x13\x1f\x7f\xef\xa8D\xdf\xc6b\xe7\xf9\x8f\x1d\x1c\xaa\xe2<\x97\x90(\xf6\xa0\xe2\xd7\xecru\x93\fD\x91q\xd8\"\xd20\x96\xff\xc3&\xc5_t\xf4^{\x9d~\xed\xb8Tl7\x12LP\xd2\x8f', 0x42, 0x80, 0x0)
r10 = epoll_create(0x2)
epoll_ctl$EPOLL_CTL_ADD(r10, 0x1, r9, &(0x7f0000000080)={0xa000000a})
r11 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f00000000c0)={'bridge0\x00'})

1.130096817s ago: executing program 4 (id=4410):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108)
r2 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000000)={0x8, 0x80000000, 0x10, 0x2, 0x18, "10120dfe0ef7f0200093c23b0a0080002a00"})
ioctl$TIOCL_GETMOUSEREPORTING(r2, 0x5412, &(0x7f0000000080)=0xa)
setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000001a00)=ANY=[@ANYBLOB="03000000000000000a004e2300000010ff010000000000000000000000000001f8ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b0000000a004e2000000008fe8000000000000000000000000000aa05000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000010000000c0000000000000000000000000000000104000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ad94e2100000073fe8000000000000000000000000000aa09000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a004e210000000800000000000000000000000000000001"], 0x610)
r3 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, 0xb}}, {{0xa, 0x4e24, 0x3947abbd, @empty, 0x40}}}, 0x108)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0xfe8e, 0x12)
getpeername$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000100)=0x1c)
setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000780)=ANY=[@ANYBLOB="03000000000000000a004e2300000009ff0100000000000000000000000002010800"/144], 0x90)
close(0x4)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xa4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000640)="985e44efeabe001cabcf3d8673c3a254a9a2d3197970cb347b70a243bf77139a94bc3ae91684aaf7b7dff691deb8f8aef2d915fb3a0794a9a9b431a819bca6122c350637808dde804a048fd8696e524b2934126c443ce93d82e931eb9918e6c0827686e59209d2e02c9210fd8048f04ad6c42200fd9232f5aa6a361816bf21afb8473a064f", 0x85}], 0x1}}], 0x1, 0x2090)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x24)
socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = socket$inet6_icmp(0xa, 0x2, 0x3a)
bind$inet6(r5, &(0x7f0000000240)={0xa, 0x2, 0x1000, @empty}, 0x1c)
syz_emit_ethernet(0x3e, &(0x7f0000000200)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x1, 0x6, '\x00', 0x8, 0x3a, 0xff, @private0, @mcast2, {[], @echo_reply={0x81, 0x0, 0x0, 0x2, 0x9}}}}}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x4, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffe}, [@call={0x85, 0x0, 0x0, 0x23}]}, 0x0, 0xfffffffe, 0x0, 0x0, 0x727c45cd4283345, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x5, 0x0, 0x0, 0x40e00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000208500000001000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000001380)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180900001200000000000000fe000000850000006d"], &(0x7f0000000980)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x65)

1.128474167s ago: executing program 1 (id=4411):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={0x0}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x27, 0x1, 0x0, 0x0, 0x0, 0x7, 0x1018, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_config_ext={0x8, 0x6}, 0x2021, 0x10000, 0x0, 0x6, 0x8, 0x20005, 0xb, 0x0, 0x0, 0x0, 0x20000006}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB], 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0}, 0x18)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, 0x0, 0x8042)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="6000000009060103000000f79af92fb9269c3f000900020073797a3100000000050001000700000038000780060004404e21000005000700ff0000000c000180080001400a0101010c00028008000140e00000020c00148008000140"], 0x60}, 0x1, 0x0, 0x0, 0x10004893}, 0x80)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {0x7}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x810}, 0x20004000)

1.09834694s ago: executing program 0 (id=4412):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2b, 0xfffffffc, {0x60, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0xfffffffffffffe2d, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xfff, 0x40, 0x172}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x3000c81c)

1.069025493s ago: executing program 0 (id=4413):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0x7, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'dummy0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd2b, 0xfffffffc, {0x60, 0x0, 0x0, r3, {0x0, 0x8}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0xfffffffffffffe2d, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0xfff, 0x40, 0x172}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x3000c81c)

1.042452375s ago: executing program 0 (id=4414):
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000001bc0)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESDEC, @ANYBLOB="b022fd84099290ab8ebe39cfc17f80bc2926131e9437a1dea9ca1756900531c14b67f7a9edd0d80c7c73649053153a8d8db6d3c0d3b3fa951f57d14071b61a27d968a0ae7bd580d2d9fd9034451c3ecffae80b234e72fb11e3a60c1208bd5262c5009e3e45582ed4203850292ed682fc5e26f5c2af47718ee5b4f2ed68f0b21b813ec22c4c61d3f22f5a01ebea6c484d8ef4ca90180b4587e0bee2f782fef574aa1e0ebc5d9e42452910d03c12feff7848f72ac5430476b9dc2457a09efdc6f181c408abe7b30cccd2c8fb85389e1cacd4f4b29a3d4a55941bf1bb416203732d6712d5a89470876ae6daec66f3fe1b39982c2781b115e20af7ce0a0c7c77db1073adc6e11597bd9f540f90f60b92dc84a5c764379c0b9426ff4f547182502633aa754dcfc63e46c7cef8e3a0c29bf5184ac150e90d884c59cba3dae7c531fb114534292629d8532c0f67ee37f2c349ea8f28199aff2aa335df5db411287a73adfbfff212cf7b6d277a361c55af160d98b5c3db84da37d80e07269c33f60f111ec3c09d8843e1f5499e71de9b48882b9415d45b20393888ec49f307d535580947b5a5b40b465382aa4a579f317d91792f8ed70e9401863bc0a21d7e15f828ae8f13c673a30cba6f10f89c8a018cc8bbe7072ffe1c5d4ef11f0f82cf967faef8608f8b289245f87607917b0c2578dbbe5186ac78b8cd9a5aff567aebe8a73dd547fdc503885a2df4953f3497688b7b1ede6a2e529b25ecc246a7bcb00077059d7e0100aa20cb4d1dbac6eec0a9f803601c799eddb9b271f0530842291167abffb982fe47a496e884ee3c17850f970cb3ac3342b832b8b984e2eb4836afb7727f7310a347add2a1094cfff7b44516593bbf15f3a9e0e2a788e99bdec6706ae9a39b4f8983ae38d4cdf866d9670de91036ea86646f195ec4b4ce462ea624b8875825262a301f9235496b935506109287bbcf4754e3fa637428a2e39a80cd07ffafd756839abddc721421754fcae705ab432fcdd6f3c004dfad9e6bfa87746dd41649dcd2bf1728a3d6d2ddf27a52957422a27f9e478530873d9f1861b71f2378540648b171bcbd44533723ae1a89e56e2f570c0571eb3c66fac65e3abad003a828f2d21cc990e57b80dd3762fe1204eb320591d6a93f9052b80494b2f52ad89d6374cf33040e2484c3384946450bb65835d65bebb4a91c0f82e598e5aa7ff9ba79f27bbd46240287721d2759fa24cec97658d8f17b3f424293f7253b74dae4b966c8089c546936953d8ce63463c26f1e296f56e17e7f890b6001ed5d9f739036842e989b40c02d3fe5227b1fb08a98f1b1f0c336346698e70171e74e40c5304a356b29c947672f8a0535b7ce3a66b276d09ca3d9fff030e41598649a310875f5b5801c471182c1f617c907f06b5f36a1f9294b0f4a95d0fc98682b1e38f2f94fb08f20c5e5c7afaa9fbbd84734a98dd9b33188f6b79334b09ca8e2de56457242f904b114a2c313b193fe421d7fa97da5ab77f363e83b4698bf903022d13826ded79a905f07f97dc0fc4cc290b969ee37075a4a80a0d86d0696eeea2048ebd1a97f8319b3342e515ae5c9e25ee933d926ae0f31af55aeb07da6508756ac9549ba8bbc0095a17cb647df12f926e595a531d7208ef75cfd6239f65a0584121c75e00f7c77990b90e6350b1a84eba4430979bb726ab02050573af29156bed8e243527593dc0c6de41d0b6775818a96ee97d153826a217e8d7e88c6c44baa781a495afeba3882a06f5b1a87b1e8ee1edf404ac3ade6f5af1f6cd22c01506b5f84befb55c86f79b56e4d5754be8f564f57852f991c2275cbf55937666e022c2b2f0d020156152377859b345f74fe66791421e5571a7900df89c9bef5c3cb19113fae5d524ae2edea5ca91baf096c02e1e860c9b5a97882da598ef1e39fcb61d83f997675a772ac37c0fbe65a9d379b9204a915fdb6a7c7cdbd14c0893cd5e8cfd56f4021756d6c6a25b258a69922a41f3c7bc43b69f46293b381a27ae5a3cfcf2526f8eadcb540ec87d6009d6a2939882140f9a447c5be4328a0681aa3002f6a9dfd836b362fb1d423d7c9571aeb50e2a6acb9ab4e85574baf27b1028db0f6647aa7fe995c1fbf8ab422bb15acf9ae6de73972c9549cb601297bbb1c740e8761af16c4785c4827b5dc5e52f4a82000f6f87670ec19fea4e04e564fc83c0ccf1b7fa2bb9ac3e56addfa7f5f6d1d3d3c92dea5de9fa42f1414a769b0cdc40e306fee0ad66573628b83a07fe087fcb3377848e1a7869e592c83bb594284da28a4f5db381059d56e5d4989042dadbbe6000b66184ca8fe9d293f6c70988f3d7b8ee00546a21aaeca498ae06fa7becc5a55914c7a1ab714d955a8b0bd72e8d6bbf4dd451b525fcbc9fb5c10747dee3c755d39be5c2d52345c56185a8d6cee878b72255acabf7dbefafaed94838532fd01ea6244c4ac929de6846084a07d19de7098e62b613775abe326d402f707c4fbb3968b0aac7f1f27537cbdecee19151b310bcbe2c848ef41eea747e85f87d5a160b2cb6b28d137e30c69770c1651e44a66f8e3394bec03c8256b89fd59bec449c6a2bdb351f53d05e463f75b834624b8c7b557dc38a398d726d0846fc2f062b5b32d10af38ce844c6811aaef73ace1d86813bc37433670f6180f9bd112ae00133077fc7a0bd12d7b4b3a53a3c16a9cb0e8112f18691aa3bd2215afdaa1d00c8ea4f4a302ea9ebc94afaad2549f646a8ae66b953fa9cd649a02c4b152cc6c7b55d99ddc3d0fd1fcd84da355eb02581dba9e4d9dd235d2d4c4e094161440e70926221d76ce70c8762485c8b801550cc208e5d1bfd184e622ff0950a912dd47163c838fd562f09ca1690e76da55a471ec67cb83bbb103975bd4683f0393ec8b843f55ba2c0bdc6c90b50031cfe751792bd5d0cb50c8ee93086794e18c4ed66d6bd09b499f8ff2f63a8920701ab0af5b4b75402b1d65b1eb515dc46e181a1699f21e67349c904f02f8358e28faff2ade65703d14dc2774b02acc731eee0941675502d95e0c32a7304f6e9af85ef220daea0de24cf79e35a59412e62835d3032f88d9ed7befd4f708bfd2d236bd188b6f951bbe13e3add84f111e20324a523426611ec15fb376e7306cbec6867f0b945047a4facf78154e68a66a36972d5a18af1403baa9b4b51fddd072ee1f0087add02485b40323bd708b76406e10a927a913d91c5d771d3aeb3cfafb54b1016785c61ed13060d5f1b550676a656b874fd392ae61c5044218df55cbb72b819990ffdb130fb17a14f7cb5a2a8aafedc6526d83762dbf320f15758030eeecf5652dccf04cdc68827400c768a21daff47212b87357ff0bcb36cae4d113a5d9815b07332cb42329321664d93e43e6dcd6115987007fc623088004f8ac943736eb2a045a25b1bbfbbc97571eabf875d924f6b7b0e524b1afa0ff499473aa7976de83b91928e84f8e445728778fe0e5a356a57f09ed254848cec31b7c5c9c7a2fca21befe15ffc9317e96f7ad582684ce625791b99563781bf64983e77be4f1a5893beec4b560fc15e9c21dd0c29bf2879dfaa257ba5ec97957050d5b2c1f25eb4064488c139dbf88f3b7c70850d6fdbf0603cdd4011bf76e0d9ee5c2b128b50dba5689a8f04d4caf62d777eab31aab4b4195da780901352d284885bf417eb05367ee1b5f2f8c5cfe7f0394fb977f3a3f96084375e22ccf6c3ee4659d68d2b1948a4a1783a4db2282c67d39613fa67be4dd144793b76c09dd563ef3d169f34318acbd62d3b2d64f9173d16e9801132918c3390172c6f64d049b4c894d593419e5f4d5a513fc5a64ddcd05b034e6d16fe88ff89a520c464f842ad5a62a6fc46f0e9d56d05d6f5e625d25f537cca62910981dd463255318d8273db13d27fdc6c17c2c54776ba3a246c413957f297b8ecb1adb5c3f1d4d8e4d7705bdb9268f956d2845b68511edd51cdc5d05de5d6d4b3f573592986fed325f1f3c6a9ef7740f9d843e11981d1ca515c7e722ec4d691c5e4d3a146e39bcf407f66418f754bb2508cb4cc843aa9d8eb63850e5b9103682ecc1fc8f972f394be9d31cb9efd0f693d4ec41fe8d0993b45d2f422f9ab604d3371c1bda1daa3206a027c4de5c8f2cf6d1fc7e6d1423a6c71e84f24e0a4dfbf4a331deff2ae649df9681a08846efc9f0001e7ef106f1bfa25ee2799b13f1f076e30e58078d186afb65301497e982478babf143972cc7072f70829b8faee46e56a1451ff7ddd0dd35816bfa29eee361de60fbc3222e89d70f1495be94d0e82072a0e572e3055c905552e6c45d2af3d4f505a99d947667059c1c92ce2d3549077539c4cec4c07337361eeb9f78813bf9e77b0a79f391ae6eb663deb53317f61ef8ddffdbd0ca2d8095c10c106b0968325bc1e88829d92399b809f1b881e9b9f0aeada5c5ee20fd0866070e3d5d41e62f5b6d2d25441babcdf9d3dc8ae3c140a6f352daf00ed38e248b236acd27f24bdebae0f272a5820ef77fb603fe3cc910a9d842129259e61d25dcf546cd770e4cccab470b20fa5f5972a6dd15853483de6e032f9726c166e81e8e0f9db4df397cc4a10b6e58708a31f48d7d2bae4ef92828c37088068b2ae433110dc7c08e6017d8b26e4e0382ca8fa62dc6f53c4cc2f0f78af72335c494f57f2414afe247e2291c395895bb18f701b6f4331feb759110c543dd94a238e782ad552047677558a50e7683d71a9e222fd19a9343e1d64528640a8099dedd19e4c747dda18ff25b15bddf750a54533b6ecfc75ad4a2909485f7fd759d45c74727b2e7300eae71a8784f5dd7f25b4b000ed3254264131cbbae316fb3a3bfbeb309dd2d18104629db354f447791eb882bf0333a520b8dba745b673d071b07e1de3e02fe751a1cf5908435b1a38edbd60483abdb15452c868844ceb96c449ab72999a55c79f9ce7405797142ef7095b4caf99d7bbe51cd4e963e4ffbbd2648761abd3894b5420a0add261ff9c0eff61aafd1ac5195ff15cadb5b0c7ce34d4d2d68146f3dae677e833b8be0f8a876153bb65398def38e4bf539d3a00047b19c483062fc1c2547b7d4f7d99b7035212ccfffeeb21ed7bbd6165ac7fbafbca3cef86fff655305706dd0baa607c50543bb0d66f0f4dbdd9c365fdb7b875dc5e7ee59afccc321ad1e31cc84687afda71231bb2e4dc3ce79ff3ce4bbafed8821a5b71bbf3844f110e2dd9557b596ac792d97506d22c0410bce435e20fa2e2d435361b5b6ac85f44763769723a7b629258f45e10578f70bef2e9c05af8032e357697dfcd30de9b3e953a36d6cb7a03ce69288b663f692793904dd8fb4ab6dc31ddf7f6942ef84c1e68c78bf9974f830ee2fccca84113cee98b47ed41a87fe610c5348dc38d4ada19862772317a70754870347ad87dbbb4c52349b0261aa8e108fcf387b24d4e2a77ba76e8472fd74ab6fa021277a24ef7a48d395b0fd1f9c0cf83bac56b433ffbfe5984a362e337969febf259988162c2b4842bd2fc0b230fee93a085003e615088abfe41889f7b5e0f380ffe55b66c1f7419993c3dd4aac5891494a183ddca2e415e1749489c925715f3c44d94b90d2d735f2b923bdbbbf1646580ab135356a9ee29bc19e73ded9a33798a69d248574e0c9e9f40a1c1ba52bc66a578d08b75f271a9e9f447efede09d6b3b57e0aa6322c18fd6f5e1c9d2753e0a6513cc04124ab89802eb9c504f0e5550868ab597629d7cc7447ed1b01b2ff4cf511aa098710b208b5aa0f595039a2f0e7294c5fe3b0c3e6c40000000000000000000000000000000002588beb10115f4b22f4ac997c86c49201ee9dceb2142ae61555bbbc4ef8cdd468a8ffbe6cbfc8877dd87292c70e10669bc99d8d5710f7719cc2cffc86cd529b6da2511d07aef4a1d9533ab58a76f80ad7fe91a17397d3c83481", @ANYBLOB="fe2ecf20a9a17bd2ed7e803f830375c150a1f848f604c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c3288311b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2eb, &(0x7f00000004c0)="$eJzs3E1PE10UwPHTF0pbAmXx5DGaGG50o5sJVNdKYyAxNpEgNb4kJgNMtenYkpkGU2NEV26NH8IFYcmORPkCbNzpxo07NiYuZGEc0+kMhTKAlNIi/H8JmcPce6b3zgzk3AnD+r23T4t5W8vrFQnHlYRERDZEBiUsvpC3DbtxTLZ6JZf7fnw+f+f+g1uZbHZsUqnxzNSVtFJqYOjDsxcJr9tKr6wNPlr/nv629v/a2fXfU08KtirYqlSuKF1Nl79W9GnTULMFu6gpNWEaum2oQsk2rHp7ud6eN8tzc1Wll2b7k3OWYdtKL1VV0aiqSllVrKqKPNYLJaVpmupPCvaTW5yc1DMtJs+0eTA4IpaV0SMiktjRklvsyoAAAEBXNdf/YVHtrP+XLqxW+u4uD3j1/0osqP6/+qV+rG31f1xEAut///MD63/9YPX/zorodDlU/Y/jYSi2Y1eoEdYarYye9H5+Xa8fLg27AfU/AAAAAAAAAAAAAAAAAAAAAAD/gg3HSTmOk/K3/leviMRFxP8+IDUiIte7MGS00SGuP06Axot70QER8818bj5X33odVkXEFEOGJSW/3PvBU4v9N49UzaB8NBe8/IX5XMRtyeSl4OaPSKpHmvMdZ/xmdmxE1W3P75Hk1vy0pOS/4Px0YH5MLl3ckq9JSj7NSFlMmXXH0ch/OaLUjdvZpvyE2w8AAAAAgJNAU5sC1++atlt7PX9zfd38fCDSWF8PB67Po3Iu2t25AwAAAABwWtjV50XdNA1rjyAh+/dpPYge0ZH9Gf5tlv+3DEc30z0C/8O3NcW9nW0/LaEDnJZdgrC0kjVUm4067Cz8x0a79ZGJ0c5fQTc48+79z/Yd8NpyfJ+Zth5E9r4Bejr2CwgAAABAxzSKfn/PaHcHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKdSJ/47W7TkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8WfAAAA//+SWQVN")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
fdatasync(r0)

1.007493858s ago: executing program 4 (id=4415):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000005"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x11, 0xc, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x18)
r2 = syz_open_procfs(0x0, &(0x7f0000000200)='net/udplite6\x00')
close_range(r2, 0xffffffffffffffff, 0x0)

1.006891098s ago: executing program 1 (id=4416):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001800)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a0ef010095"], &(0x7f0000000280)='GPL\x00', 0x7, 0x0, 0x0, 0x41100, 0x62, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='kmem_cache_free\x00', r0}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000400)=[{0x200000000006, 0x0, 0x2, 0x7ffc0002}]})
semctl$SEM_INFO(0x0, 0x2, 0x13, &(0x7f0000000e00)=""/219) (fail_nth: 2)

970.656682ms ago: executing program 4 (id=4417):
r0 = socket$rds(0x15, 0x5, 0x0)
r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x4, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9ee6, 0x200000005}, 0x104022, 0x0, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYRES16=r1, @ANYRES32=r0, @ANYRES8=r1, @ANYRESOCT=r1], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$kcm(0x10, 0x2, 0x4)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000000000000006dfeff00850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x400}, 0x94)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001d40)={&(0x7f0000000000)='hrtimer_start\x00', r2}, 0x10)
perf_event_open(&(0x7f0000000180)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000cc0)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = semget$private(0x0, 0x7, 0x180)
socket$nl_generic(0x10, 0x3, 0x10)
semop(r3, &(0x7f0000000200)=[{0x4, 0xa7dd, 0x3000}], 0x1)
socket$nl_route(0x10, 0x3, 0x0)
r4 = mq_open(&(0x7f00000001c0)='\x00', 0x800, 0x20, &(0x7f0000000340)={0x8, 0x8, 0x1})
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000080)=0x8)
ioctl$TCSETSW2(r5, 0x402c542c, &(0x7f00000000c0)={0xfffffff8, 0x0, 0xfffbfffd, 0x981, 0x47, "0441920887e8d2b791f19dd026d76d7fcb3678", 0x4, 0x200})
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000180)=0x4)
mq_timedsend(r4, &(0x7f0000000380)="63a8697946002ce5fe3a807437ba8893a5af8698502c3eb05a778a731b1e38c26f93d7098ac50151f3f52d08a2a6212187bfc4409f2998f90e63016a9148be814924685382867b8a2a7217e9e825063224339706b2c579e0a5", 0x59, 0xe2, &(0x7f0000000400))
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0x3, &(0x7f0000000580)=ANY=[@ANYBLOB="1806000000000000000000000000000095000000000000002de21270bde2c47510a3fe3d9fd2b3bb6c987dd438ddf0ad339b1490d713c3075af839f78e0a4f1f0d04e8b27f3edf936680432ad82258f37e2b1b3ea3fda018cfec34389948b8633410"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x82200, 0x40, '\x00', 0x0, @flow_dissector=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

711.278465ms ago: executing program 1 (id=4418):
bpf$MAP_CREATE(0x0, &(0x7f0000001b80)=ANY=[@ANYBLOB="0600000004000000080000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x200}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x21, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r1, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

710.426375ms ago: executing program 1 (id=4419):
r0 = syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x0, &(0x7f0000000100)={[{@init_itable_val={'init_itable', 0x3d, 0x1}}, {@errors_remount}, {@dioread_lock}, {@barrier}, {@bsdgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x2000}}]}, 0x1, 0x783, &(0x7f0000001340)="$eJzs3M9rXOUaAOD3nGaa/si9kwt3ce+mCi20UDpJmk27Mm7ETaFQcFtDMgkhJ5mSmdQkFpq6E4TabFQE0b1Lt0Kpf4A7KSi4F0RrXKibkTOZTNt0Zjptk04bnwdO5vvOfN9533dm8uUcyJkA/rFezX8kEUMRcTEiis39aUQcbLQORaxvjdu8d20q35Ko1y/9kuTTYrNebB0raT4ejcaU+F9E3ClEnH7v0bjV1bX5ySwrLzX7I7WFKyPV1bUzcwuTs+XZ8uLY+PnRc+Pj50bHd63WE2+dP3zr2zc2Nr77qnbz2MCZJCYadUeztl0L9ICt16QQEzv2L+5FsD5Kehgz8BzyAACgu/w8/0Dz3KwQxTjQ7SzNCRwAAAC8lOqD9V792fNIAAAA4AWTRL8zAAAAAPbW9v8BbN/bu1f3wXby8+sRMdwu/kDjHuKIQ1GIiCObyUO3HyRb0+CZrN+IiNsTbT5/vdzR3N3o/ebh3Tkiu+12vv5MtFt/0tb6E23Wn4Ht7054Rp3Xv/vxD3RY/y72GOPrz/5f6Bj/RnXl/WPt4iet+EmH+G/3GP/mxge3Oj1X/yLiZNu/P8lDsbp8P8TIzFzW7lerle6dv07d7Vx/xJFH4idJI2rSvf4rPdb/7uZv8+td4p863v3934o/+NC8/DPxYTOPNCJuNR/z/saOGMcXvv/m0cjJ+nb86Q6vf/v3/81W/Z/3WP+PXw6u9DgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGtKIGIokLbXaaVoqRRyNiP/GkTSrVGunZyrLi9P5cxHDUUhn5rLyaEQUt/pJ3h9rtO/3z+7oj0fEf344vBV0LiuXpirZdL+LBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoOVoRAxFkpYiIo2I34tpWir1OysAAABg1w33OwEAAABgz7n+BwAAgP3vaa//k13OAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANjXLl64kG/1zXvXpvL+9NXV5fnK1TPT5ep8aWF5qjRVWbpSmq1UZrNyaaqy8LjjpRExdj6WV0Zq5WptpLq6dnmhsrxYuzy3MDlbvlwuPJeqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFJDjS1JSxGRNtppWipF/CsihqOQzMxl5dGI+HdE3C0WBvP+WL+TBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNdVV9fmJ7OsvPRyN+r7q5yeG5FEvABpdGh80nxXuo1J1iP6nmraTPRZjhPxJLOuP+Zl6XfjlT6tRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9Fd1dW1+MsvKS9V+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB/pT8lEZFvJ4snhnY+ezD5o9h4jIh3Pr300cpkrbY0lu//tbW/9nFz/9kHJl5/njUAAADAvvfakwzevk7fvo4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVXV1bX4yy8pLe9iIG/2uEgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBp/BwAA//9Js7nR") (async)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b7030000000000de850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) (async)
quotactl$Q_QUOTAON(0xffffffff80000102, &(0x7f0000000140)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) (async)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000010000000000000000030000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
clock_gettime(0x0, &(0x7f0000000300)={<r4=>0x0, <r5=>0x0})
utimensat(r0, &(0x7f0000000280)='./file0/file0\x00', &(0x7f0000000500)={{r4, r5/1000+60000}, {0x0, 0xea60}}, 0x0) (async, rerun: 32)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) (rerun: 32)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]}) (async)
getdents64(0xffffffffffffffff, 0x0, 0x0) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10)
r7 = socket$inet_smc(0x2b, 0x1, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYRESDEC=r3, @ANYRESOCT=r2, @ANYRES64=r2, @ANYRES16=r6], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000f80)={{r8}, &(0x7f0000000f00), &(0x7f0000000f40)=r9}, 0x20)
r10 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r10, 0x6, 0x21, &(0x7f0000000040)="5766b1020affff20c311df259149e300", 0x10) (async)
accept4$tipc(r10, 0x0, 0x0, 0x80000)
getsockopt$inet_mreqn(r10, 0x0, 0x20, 0x0, &(0x7f0000000080)) (async)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000180)='sys_enter\x00', r11, 0x0, 0x5}, 0x18) (async)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) (async)
rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file1\x00') (async, rerun: 64)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r7, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth0_virt_wifi\x00', 0x2000000}, 0x18) (rerun: 64)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r7, 0x0, 0x48c, &(0x7f00000002c0)={0x1, 'ipvlan1\x00', 0x100}, 0x18)

640.806781ms ago: executing program 1 (id=4420):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000002c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x3000046, &(0x7f00000134c0)={[{@dioread_nolock}, {@noauto_da_alloc}, {@inlinecrypt}, {@sysvgroups}, {@data_err_ignore}, {@barrier_val={'barrier', 0x3d, 0x7f}}, {@data_err_ignore}, {@grpquota}, {@dioread_nolock}, {@nobarrier}, {@resuid}, {@quota}]}, 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x114)
unlinkat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x16, 0xe, &(0x7f0000001480)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d55906000000000f0000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd8000000000000080231c61ccd106cb937b450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9ccd5788029901e5a79d8b9990ace8f74087f25ad50c4608800"/686], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000340)}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000080)="05804ab382844306d758e620b9dc", 0x0, 0x12c4, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x4, &(0x7f0000000a00)=ANY=[@ANYBLOB="180100000700002c0000000000000004850000002a00000095"], &(0x7f0000000080)='syzkaller\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80001}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x18)
r3 = socket$caif_seqpacket(0x25, 0x5, 0x2)
sendmsg$inet(r3, &(0x7f0000000500)={&(0x7f0000000180)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x3f}}, 0x10, &(0x7f0000000400)=[{&(0x7f00000001c0)}], 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="78000000000000000000000007000000830f4f00000000e00000026401010244149581ffffffff00000400ffffffff00000007899b6751709fa539000001ac1e0101ac1e0001ac1414aa442cf060000000ff0000003100000040000000400000800100000008ffffff010000000700007ff700000009000014000000000000000000000001000000fbffffff"], 0x90}, 0x840)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4], 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8ff20c2c10f0093d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
pipe2(&(0x7f0000000300)={<r6=>0xffffffffffffffff}, 0x0)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x0)
tee(r6, r7, 0x4e, 0x0)

640.216902ms ago: executing program 0 (id=4421):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r0, 0x10e, 0x4, &(0x7f0000000640)=0x1802, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@resuid={'resuid', 0x3d, 0xee01}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nodelalloc}, {@grpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58000000020605000000000000000000000000000900020073797a3100000000050005000a000000050001000600000013000300686173683a6e65742c696661636500000c0007800800124005000000050004"], 0x58}, 0x1, 0x0, 0x0, 0x1}, 0x800)
rename(&(0x7f0000000180)='./file1\x00', 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000001000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000100006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a0000000000008500"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000a80)='kfree\x00', r2, 0x0, 0xfffffffffffffffd}, 0x18)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000007c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file2\x00', 0x2200000, &(0x7f0000000240)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@user_xattr}]}, 0x3, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH")
bpf$MAP_CREATE(0x0, &(0x7f0000001e80)=ANY=[@ANYBLOB="0b000000080000000c000000ffffffff01"], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xb, 0xd, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r4, 0x0, 0xfffffffffffffffc}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', 0xffffffffffffffff, 0x0, 0xfffffffffffffffe}, 0x18)
r5 = socket$kcm(0xa, 0x2, 0x0)
sendmsg$sock(r5, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e22, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000001f80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d00000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0xfd, &(0x7f00000004c0)=[{&(0x7f0000000380)="2e00000010008188e6b62aa73772cc9f1ba1f848110000005e140602000000000e000a001000000002900000121f", 0x2e}], 0x1}, 0x40)
sendmsg$kcm(r6, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000040)="2e00000010008188040f80ec59acbc0413a1f848110000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x4008084)
setxattr$trusted_overlay_opaque(&(0x7f0000000080)='\x00', &(0x7f00000000c0), 0x0, 0x0, 0x3)

531.693921ms ago: executing program 3 (id=4422):
r0 = socket$kcm(0xa, 0x2, 0x0)
socket(0x2, 0x80805, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x10020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10208}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x1a, &(0x7f0000000000)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @val={@void, {0x8100, 0x3, 0x1}}, {@generic={0x8864, "11703067c7e064cc"}}}, 0x0)
r1 = syz_open_dev$usbmon(&(0x7f0000000200), 0x7, 0x600400)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f0000000340)={&(0x7f0000000280), &(0x7f00000002c0)=""/64, 0x40})
r2 = socket$netlink(0x10, 0x3, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
socket$inet(0xa, 0x1, 0x0)
sendmsg$DEVLINK_CMD_RATE_NEW(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000300)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16, @ANYBLOB="400000002000120234b6250000000e0001000f004cc8ba7b07918b851e2729300000"], 0x34}, 0x1, 0x0, 0x0, 0x40840d4}, 0x0)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f00000003c0)={[{@max_batch_time={'max_batch_time', 0x3d, 0x7}}, {@journal_dev={'journal_dev', 0x3d, 0x1}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6a}}, {@user_xattr}, {@errors_remount}, {@nouid32}]}, 0x1, 0x441, &(0x7f00000011c0)="$eJzs28tvG8UfAPDv2kn66zP5VeXRBxAoiIpH0qSl9MAFBBIHkJDgUI4hSatQt0FNkGgVQUCoHFEl7ogjEv8AnOCCgBMSV7ijShXKpYWT0dq7ie3aaZI62RR/PtK2M7tjzXw9O/bMThxAzxpO/0ki9kTE7xExWM82Fxiu/3draWHy76WFySSq1Tf/Smrlbi4tTOZF89ftzjN9EaVPkzjcpt65y1fOT1Qq05ey/Oj8hfdG5y5feXbmwsS56XPTF8dPnz55Yuz5U+PPdSXONK6bhz6cPXLw1bevvT555to7P3+T5PG3xNElw6tdfKJa7XJ1xdrbkE76CmwI61KuD9Por43/wSjHSucNxiufFNo4YFNVq9Xq/Z0vL1aB/7Akim4BUIz8iz5d/+bHFk09toUbL9YXQGnct7KjfqUvSlmZ/pb1bTcNR8SZxX++TI/YnOcQAABNvk/nP8+0m/+VovG50L5sD2UoIv4fEfsj4lREHIiI+yJqZR+IiAfXWX/rJsnt85/S9Q0Ftkbp/O+FbG+ref6Xz/5iqJzl9tbi70/OzlSmj2fvybHo35Hmx1ap44eXf/u807XG+V96pPXnc8GsHdf7djS/ZmpifuJuYm504+OIQ33t4k+WdwKSiDgYEYc2WMfMU18f6XTtzvGvogv7TNWvIp6s9/9itMSfS1bfnxz9X1Smj4/md8Xtfvn16hud6r+r+Lsg7f9dbe//5fiHksb92rn113H1j8/ar2n2bfz+H0jeajr3wcT8/KWxiIHktXqjG8+Pt5QbXymfxn/saPvxvz9W3onDEZHexA9FxMMR8UjWd49GxGMRcXSV+H966fF3O13bDv0/ta7+X0kMROuZ9ony+R+/a6p0aD3xp/1/spY6lp1Zy+ffWtq1sbsZAAAA7j2liNgTSWlkOV0qjYzU/4b/QOwqVWbn5p8+O/v+xan6bwSGor+UP+kabHgeOpYt6/P8eEv+RPbc+Ivyzlp+ZHK2MlV08NDjdncY/6k/y0W3Dth0fq8Fvcv4h95l/EPvMv6hd7UZ/zuLaAew9dp9/39UQDuArdcy/m37QQ+x/ofe1Tj+kwLbAWw93//Qk+Z2xp1/JN8DiYHt0Yx7KBGltRf+Nrvbim6zxNoTBX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMm/AQAA//8iOuPQ")
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000080)=ANY=[], 0xfe37, 0x0)
perf_event_open(&(0x7f0000000500)={0x2, 0x80, 0x28, 0x1, 0x0, 0x0, 0x0, 0x9, 0x640b9, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x107b7e, 0x2, @perf_config_ext={0x0, 0x3fff8000}, 0x0, 0x32, 0x43a1bd76, 0x7, 0x9, 0x6, 0x2, 0x0, 0x0, 0x0, 0x2009}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
syz_clone3(&(0x7f0000000740)={0x8180080, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[0xffffffffffffffff], 0x1}, 0x58)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0)
write$P9_RREADLINK(r3, &(0x7f0000000000)={0xffffffffffffff23, 0x17, 0x2, {0x7, './file0'}}, 0xfffffdab)
sendmsg$sock(r0, &(0x7f0000000400)={&(0x7f0000000580)=@in6={0x2, 0x4e20, 0x0, @dev}, 0x80, 0x0, 0x0, &(0x7f0000000000)=[@mark={{0x14, 0x1, 0x24, 0x3}}], 0x18}, 0x0)

407.392483ms ago: executing program 2 (id=4423):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000008b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = io_uring_setup(0x6f6, &(0x7f00000003c0)={0x0, 0x0, 0x802, 0x8000, 0x4})
io_uring_register$IORING_REGISTER_BUFFERS2(r1, 0xf, &(0x7f0000005500)={0x3, 0x0, 0x0, &(0x7f0000005480)=[{0x0}, {0x0}, {&(0x7f0000005380)=""/255, 0xff}], &(0x7f00000054c0)}, 0x20)

321.73928ms ago: executing program 2 (id=4424):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000001040)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x8c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x60, 0x3, 0x0, 0x1, [{0x5c, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_EXPRESSIONS={0x50, 0xb, 0x0, 0x1, [{0x2c, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x3}, @NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0x10000}]}}}, {0x20, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x10, 0x2, 0x0, 0x1, [@NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x80000000}]}}}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0xf0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

305.515092ms ago: executing program 2 (id=4425):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed07449e000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x45, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet_sctp(r1, &(0x7f0000000880)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0)
sendmmsg$inet_sctp(r1, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{&(0x7f0000000300)="359cb6", 0x3}], 0x1, &(0x7f0000000000)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c000400"/44, @ANYRES32=0x0], 0x30}], 0x1, 0x0)

286.678144ms ago: executing program 2 (id=4426):
r0 = socket$rds(0x15, 0x5, 0x0)
prlimit64(0x0, 0x8, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmmsg$inet6(r1, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, 0x0}}], 0x1, 0x20080058)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xb2570000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000040)={<r6=>0xffffffffffffffff}, 0x2, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r5, &(0x7f0000000300)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000200)=[{0x12, 0x0, [0x2, 0xffffffff, 0x3, 0x5c8a, 0xb, 0x2, 0x10, 0x0, 0x6, 0x4, 0x40, 0x5c89951a, 0x73, 0x2, 0x0, 0x5]}, {0x2b, 0x0, [0x8, 0x9, 0x43, 0xff, 0x7, 0x3, 0x6, 0x9, 0xfffffe01, 0x8, 0x0, 0x9, 0x9, 0x0, 0x9313, 0x7fffffff]}], r6, 0x1, 0x1, 0x90}}, 0x20)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18}}}, @TCA_STAB={0x4}]}, 0x4c}}, 0x0)
write$RDMA_USER_CM_CMD_BIND(r4, &(0x7f0000000340)={0x14, 0x88, 0xfa00, {r6, 0x1c, 0x0, @ib={0x1b, 0x6, 0xfffffffe, {}, 0x63, 0x8}}}, 0x90)
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x2000000}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f0000003a00)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000180)=""/29, 0x1d}, {&(0x7f00000001c0)=""/23, 0x17}], 0x2, &(0x7f0000000400)=""/72, 0x48}, 0xffffffff}, {{&(0x7f0000000580)=@l2tp={0x2, 0x0, @remote}, 0x80, &(0x7f0000000940)=[{&(0x7f00000020c0)=""/91, 0x5b}, {&(0x7f0000003c40)=""/131, 0x83}, {&(0x7f0000000780)=""/94, 0x5e}, {&(0x7f0000000600)=""/58, 0x3a}, {&(0x7f0000000800)=""/67, 0x43}, {&(0x7f0000000880)=""/165, 0xa5}], 0x6, &(0x7f00000009c0)=""/31, 0x1f}, 0x9}, {{&(0x7f0000000a00)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @dev}}}, 0x80, &(0x7f0000000c80)=[{&(0x7f0000000ac0)=""/45, 0x2d}, {&(0x7f0000003d00)=""/198, 0xc6}, {&(0x7f0000000c00)=""/86, 0x56}], 0x3}, 0x86}, {{&(0x7f0000000cc0)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @initdev}}}, 0x80, &(0x7f0000001f00)=[{&(0x7f0000000d40)=""/4096, 0x1000}, {&(0x7f0000001d40)=""/165, 0xa5}, {&(0x7f0000001e00)=""/238, 0xee}], 0x3, &(0x7f0000001f40)=""/209, 0xd1}, 0xffffffff}, {{&(0x7f0000002040)=@isdn, 0x80, &(0x7f0000002240)=[{&(0x7f0000000080)=""/5, 0x5}, {&(0x7f0000002180)=""/121, 0x79}, {&(0x7f0000000b00)=""/158, 0x9e}], 0x3, &(0x7f0000002280)=""/203, 0xcb}, 0x1}, {{&(0x7f0000002380)=@in6={0xa, 0x0, 0x0, @private0}, 0x80, &(0x7f0000003780)=[{&(0x7f0000002400)=""/223, 0xdf}, {&(0x7f0000000000)=""/23, 0x17}, {&(0x7f0000000500)=""/71, 0x47}, {&(0x7f00000025c0)=""/164, 0xa4}, {&(0x7f0000002680)=""/4096, 0x1000}, {&(0x7f0000003680)=""/234, 0xea}], 0x6, &(0x7f00000006c0)=""/184, 0xb8}, 0x6}, {{&(0x7f00000038c0)=@generic, 0x80, &(0x7f0000003980)=[{&(0x7f0000003940)}], 0x1, &(0x7f00000039c0)}, 0x7}], 0x7, 0x10000, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x58eeca21)
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x3, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000002000000000000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x1169, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r11 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x68, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x56, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r11, 0x0, 0x8000000008}, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r10, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x320e, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r0)
bpf$MAP_CREATE(0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48)

86.512622ms ago: executing program 4 (id=4427):
r0 = epoll_create1(0x80000)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/power/wakeup_count', 0x0, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0)={0xe000001a})
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000000))

70.177693ms ago: executing program 3 (id=4428):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x398fba87178c1956, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r0}, 0x10)
capset(&(0x7f0000000c00)={0x20080522}, &(0x7f0000000280)={0x0, 0x3, 0x7, 0x0, 0x1003d, 0x8f})

43.099026ms ago: executing program 4 (id=4429):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c812e5d6000"})
r1 = syz_open_pts(r0, 0x0)
dup3(r1, r0, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000010000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3, 0x0, 0x1}, 0x18)
syz_mount_image$vfat(&(0x7f0000000ec0), &(0x7f0000000180)='./file1\x00', 0x420c, &(0x7f0000003240)=ANY=[], 0x6, 0x35d, &(0x7f0000000f00)="$eJzs3c1rO0UYwPEnaZImKW1yEEVBOtiLXpY2ehaDtCAELG0jtoKwbTcasiYlG6oRse3Jq3j3JHgovVnwUND+A71404sI3noRPNiDurJvyeatLzFpfr/2+4GSycw8u7OZSXk27WYv3/3yo0rJ0kp6Q6JJJRERkSuRrEQlEPEfo245IWGH8srMnz+/uL5ZTHoVaiW/8WpOKTU3/8PHn6X8bmfTcpF9//KP3O8Xz148f/nvxodlS5UtVa01lK62a7829G3TULtlq6IptWoaumWoctUy6l77d/52zNreXlPp1d3Z9F7dsCylV5uqYjRVo6Ya9abSP9DLVaVpmppNC25SPF5b0/NDBu+MeDAYk3o9r0+JSKqnpXg8kQEBAICJ6s7/o05KP0z+vyVzhcLymnI6t/P/k5fOGzPvnM75+f9Zol/+/9ov3rY68n/ndKKd/9e884PSzfn/13KH/L83I3pchs7/s2MYDIYzn+ipinQ8c/L/tP/+dR29d7LoFsj/AQAAAAAAAAAAAAAAAAAAAAB4GlzZdsa27UzwGPy0LyHwn+NBGjT/0yKSdGbfZv4fsvXNLUm6F+45c2x+sV/cL3qPfodzETHF+Mfu5qyN4Moj5cjKj+aBH3+wX5xyW/IlKTvxsiQZybrrKRRv2ytvFZaXlMePb12mlA7H5yQjz4Tjv3dXpxOf64z395+QlxdC8Zpk5KcdqYkpu25ke/+fLyn15tuFrviU209Efrv3SQEAAAAAYMQ01dL3/F3TBrV73zKSL7kfExmyKBn5u//5/WLf8/NY5oXYpI8eAAAAAIDHwWp+WtElatTdgmn2K6RkYNMICrGOmriI9O2c6KqJX7flqdAR3nY8CfHuYPJ/j+ub4FW9S1TwjxTOwFtN/h1VZLjxBMfv1kRiw09T5FDcBXAYborKLcJj3YOfdypU384LA7dz5B9Iqyb42Cgx4HWW1d7tRK9ZCfGeGjsy3AJ47qtv/xrdG+T1U38FfHJz5yPTsA/kNpPSVXB20dsUH/svHgAAAAD3rp30BzVvhJvDNxIJ3yyHv9wDAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBCY/lKv67CpI8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFL8FwAA//8GuPOT")
r4 = openat(0xffffffffffffff9c, &(0x7f00000005c0)='./bus\x00', 0x101042, 0x0)
pwrite64(r4, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)

1.153799ms ago: executing program 2 (id=4430):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c40)={0x11, 0xc, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000001480)='GPL\x00', 0x5, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='kfree\x00', r0, 0x0, 0x4804}, 0x18)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000400)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000006280)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000740)=@newtaction={0x98, 0x30, 0x1, 0x0, 0x0, {0x0, 0x0, 0x6a00}, [{0x84, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x80d, 0x0, 0x10000000, 0x5, 0x4}, 0x1, r3}}]}, {0x4, 0xa}, {0xc}, {0xc}}}, @m_mpls={0x30, 0x2, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x4008001}, 0x0)

0s ago: executing program 3 (id=4431):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYRESHEX], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0xf, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000180)='kfree\x00', r0}, 0x18) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000800), 0xffffffffffffffff) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x18) (async)
r4 = socket$qrtr(0x2a, 0x2, 0x0)
connect$qrtr(r4, &(0x7f0000000000)={0x2a, 0x0, 0x7ffe}, 0xc)
bind$qrtr(r4, &(0x7f00000000c0)={0x2a, 0x1, 0x7fff}, 0xc)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x8f0, &(0x7f0000002400)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r5, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}]) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xd, 0x3, &(0x7f0000000000)=@framed, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x94)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) (async)
r8 = socket$unix(0x1, 0x5, 0x0)
r9 = dup2(r8, r7)
close_range(r9, 0xffffffffffffffff, 0x0)
r10 = io_uring_setup(0x868, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x8000})
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r10, 0x14, &(0x7f0000000000)=[0xffffffff], 0x2) (async)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002e40)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="8b332ebd700000000000150000000c009900040000003a00000004001d"], 0x38}, 0x1, 0x0, 0x0, 0x4000800}, 0x40000) (async)
r11 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IP_VS_SO_SET_ZERO(r11, 0x0, 0x48f, &(0x7f0000000040)={0x87, @loopback, 0x4e21, 0x2, 'nq\x00', 0x10, 0xc6a, 0x47}, 0x2c)

kernel console output (not intermixed with test programs):

mpat=0 ip=0x7f216880df90 code=0x7ffc0000
[  324.901957][T14613] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  324.924536][T13253] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  324.933818][T20094] loop3: detected capacity change from 0 to 512
[  324.955481][T20094] EXT4-fs (loop3): 1 orphan inode deleted
[  324.962069][T20094] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  324.974741][T11088] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:32: Failed to release dquot type 1
[  324.986460][T20094] ext4 filesystem being mounted at /225/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  325.015386][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  325.363565][T20126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4025'.
[  325.969652][T20153] loop2: detected capacity change from 0 to 512
[  325.985634][T20153] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  326.013424][T20153] EXT4-fs (loop2): 1 truncate cleaned up
[  326.084160][T20153] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  326.415089][T13253] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  326.485745][T20176] bio_check_eod: 210 callbacks suppressed
[  326.485760][T20176] syz.4.4041: attempt to access beyond end of device
[  326.485760][T20176] loop4: rw=2049, sector=153, nr_sectors = 8 limit=128
[  326.514333][T20176] syz.4.4041: attempt to access beyond end of device
[  326.514333][T20176] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128
[  326.529032][T20167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  326.537999][T20167] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  326.545854][T20176] syz.4.4041: attempt to access beyond end of device
[  326.545854][T20176] loop4: rw=2049, sector=185, nr_sectors = 8 limit=128
[  326.568926][T20176] syz.4.4041: attempt to access beyond end of device
[  326.568926][T20176] loop4: rw=2049, sector=201, nr_sectors = 8 limit=128
[  326.591412][T20175] set_capacity_and_notify: 1 callbacks suppressed
[  326.591454][T20175] loop2: detected capacity change from 0 to 512
[  326.604993][T20176] syz.4.4041: attempt to access beyond end of device
[  326.604993][T20176] loop4: rw=2049, sector=217, nr_sectors = 8 limit=128
[  326.618755][T20175] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  326.618824][T20176] syz.4.4041: attempt to access beyond end of device
[  326.618824][T20176] loop4: rw=2049, sector=233, nr_sectors = 8 limit=128
[  326.618862][T20176] syz.4.4041: attempt to access beyond end of device
[  326.618862][T20176] loop4: rw=2049, sector=249, nr_sectors = 8 limit=128
[  326.618937][T20176] syz.4.4041: attempt to access beyond end of device
[  326.618937][T20176] loop4: rw=2049, sector=265, nr_sectors = 8 limit=128
[  326.669649][T20176] syz.4.4041: attempt to access beyond end of device
[  326.669649][T20176] loop4: rw=2049, sector=281, nr_sectors = 8 limit=128
[  326.683266][T20176] syz.4.4041: attempt to access beyond end of device
[  326.683266][T20176] loop4: rw=2049, sector=297, nr_sectors = 8 limit=128
[  326.683494][T20175] EXT4-fs (loop2): 1 truncate cleaned up
[  326.712920][T20175] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  326.790672][T20194] veth0: entered promiscuous mode
[  326.797101][T20194] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4042'.
[  326.933184][T13253] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  326.960670][T20208] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4049'.
[  326.985410][T20215] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4050'.
[  326.995147][T20215] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  327.091683][T20227] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4052'.
[  327.466531][T20204] Set syz1 is full, maxelem 65536 reached
[  327.502719][T20239] loop2: detected capacity change from 0 to 128
[  327.729463][T20256] lo speed is unknown, defaulting to 1000
[  327.736115][T20256] lo speed is unknown, defaulting to 1000
[  328.097674][T20258] lo speed is unknown, defaulting to 1000
[  328.104009][T20258] lo speed is unknown, defaulting to 1000
[  328.168346][T20258] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  328.176754][T20258] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  328.548375][T20313] netlink: 'syz.1.4060': attribute type 10 has an invalid length.
[  328.564650][T20313] bond0: (slave dummy0): Releasing backup interface
[  328.574964][T20313] netlink: 'syz.1.4060': attribute type 10 has an invalid length.
[  328.575854][T20312] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4062'.
[  328.585564][T20313] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  328.591965][T20312] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  328.683115][T20318] loop3: detected capacity change from 0 to 764
[  328.691592][T20318] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  328.702619][T20318] Symlink component flag not implemented
[  328.709166][T20318] Symlink component flag not implemented (7)
[  328.746326][T20324] loop3: detected capacity change from 0 to 512
[  328.781632][T20324] EXT4-fs (loop3): 1 orphan inode deleted
[  328.794422][T20324] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  328.807116][T11073] EXT4-fs error (device loop3): ext4_release_dquot:7022: comm kworker/u8:19: Failed to release dquot type 1
[  328.832853][T20324] ext4 filesystem being mounted at /237/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  329.003621][T20307] syz.1.4060 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  329.017801][T20307] CPU: 1 UID: 0 PID: 20307 Comm: syz.1.4060 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  329.017836][T20307] Tainted: [W]=WARN
[  329.017845][T20307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  329.017859][T20307] Call Trace:
[  329.017873][T20307]  <TASK>
[  329.017882][T20307]  __dump_stack+0x1d/0x30
[  329.017903][T20307]  dump_stack_lvl+0x95/0xd0
[  329.018031][T20307]  dump_stack+0x15/0x1b
[  329.018118][T20307]  dump_header+0x81/0x240
[  329.018141][T20307]  oom_kill_process+0x295/0x350
[  329.018166][T20307]  out_of_memory+0x97b/0xb80
[  329.018223][T20307]  try_charge_memcg+0x610/0xa10
[  329.018263][T20307]  obj_cgroup_charge_pages+0xa6/0x150
[  329.018302][T20307]  __memcg_kmem_charge_page+0x9f/0x170
[  329.018332][T20307]  __alloc_frozen_pages_noprof+0x18f/0x360
[  329.018364][T20307]  alloc_pages_mpol+0xb3/0x260
[  329.018436][T20307]  alloc_pages_noprof+0x90/0x130
[  329.018461][T20307]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  329.018501][T20307]  __kvmalloc_node_noprof+0x492/0x6b0
[  329.018570][T20307]  ? ip_set_alloc+0x24/0x30
[  329.018600][T20307]  ? ip_set_alloc+0x24/0x30
[  329.018632][T20307]  ip_set_alloc+0x24/0x30
[  329.018666][T20307]  hash_netiface_create+0x282/0x740
[  329.018762][T20307]  ? __pfx_hash_netiface_create+0x10/0x10
[  329.018843][T20307]  ip_set_create+0x3cc/0x970
[  329.018877][T20307]  ? _raw_spin_unlock+0x26/0x50
[  329.018940][T20307]  nfnetlink_rcv_msg+0x4c6/0x590
[  329.019054][T20307]  netlink_rcv_skb+0x123/0x220
[  329.019080][T20307]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  329.019169][T20307]  nfnetlink_rcv+0x167/0x16c0
[  329.019193][T20307]  ? kmem_cache_free+0xe3/0x3a0
[  329.019214][T20307]  ? __kfree_skb+0x109/0x150
[  329.019308][T20307]  ? nlmon_xmit+0x4f/0x60
[  329.019324][T20307]  ? consume_skb+0x49/0x150
[  329.019344][T20307]  ? nlmon_xmit+0x4f/0x60
[  329.019360][T20307]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  329.019391][T20307]  ? __dev_queue_xmit+0x13a6/0x1ee0
[  329.019459][T20307]  ? __dev_queue_xmit+0x148/0x1ee0
[  329.019562][T20307]  ? ref_tracker_free+0x37d/0x3e0
[  329.019685][T20307]  ? __netlink_deliver_tap+0x4dc/0x500
[  329.019720][T20307]  netlink_unicast+0x5c0/0x690
[  329.019772][T20307]  netlink_sendmsg+0x58b/0x6b0
[  329.019874][T20307]  ? __pfx_netlink_sendmsg+0x10/0x10
[  329.019949][T20307]  __sock_sendmsg+0x145/0x180
[  329.019966][T20307]  ____sys_sendmsg+0x31e/0x4a0
[  329.019991][T20307]  ___sys_sendmsg+0x17b/0x1d0
[  329.020026][T20307]  __x64_sys_sendmsg+0xd4/0x160
[  329.020109][T20307]  x64_sys_call+0x17ba/0x3000
[  329.020200][T20307]  do_syscall_64+0xca/0x2b0
[  329.020354][T20307]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.020378][T20307] RIP: 0033:0x7fe6cf71f749
[  329.020438][T20307] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  329.020454][T20307] RSP: 002b:00007fe6ce187038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  329.020473][T20307] RAX: ffffffffffffffda RBX: 00007fe6cf975fa0 RCX: 00007fe6cf71f749
[  329.020488][T20307] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005
[  329.020502][T20307] RBP: 00007fe6cf7a3f91 R08: 0000000000000000 R09: 0000000000000000
[  329.020516][T20307] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  329.020528][T20307] R13: 00007fe6cf976038 R14: 00007fe6cf975fa0 R15: 00007ffe7525b5a8
[  329.020550][T20307]  </TASK>
[  329.345939][T20307] memory: usage 307200kB, limit 307200kB, failcnt 5920
[  329.352905][T20307] memory+swap: usage 307580kB, limit 9007199254740988kB, failcnt 0
[  329.360814][T20307] kmem: usage 307160kB, limit 9007199254740988kB, failcnt 0
[  329.368161][T20307] Memory cgroup stats for /syz1:
[  329.368630][T20307] cache 0
[  329.376469][T20307] rss 0
[  329.379311][T20307] shmem 0
[  329.382275][T20307] mapped_file 0
[  329.385787][T20307] dirty 0
[  329.388745][T20307] writeback 0
[  329.392088][T20307] workingset_refault_anon 593
[  329.396750][T20307] workingset_refault_file 5973
[  329.401535][T20307] swap 389120
[  329.404814][T20307] swapcached 8192
[  329.408457][T20307] pgpgin 220833
[  329.411962][T20307] pgpgout 220823
[  329.415566][T20307] pgfault 235672
[  329.419113][T20307] pgmajfault 405
[  329.422632][T20307] inactive_anon 0
[  329.424993][T20333] loop4: detected capacity change from 0 to 1024
[  329.426242][T20307] active_anon 8192
[  329.426270][T20307] inactive_file 0
[  329.434204][T20333] EXT4-fs: inline encryption not supported
[  329.436304][T20307] active_file 32768
[  329.436313][T20307] unevictable 0
[  329.436322][T20307] hierarchical_memory_limit 314572800
[  329.436331][T20307] hierarchical_memsw_limit 9223372036854771712
[  329.436350][T20307] total_cache 0
[  329.436356][T20307] total_rss 0
[  329.436363][T20307] total_shmem 0
[  329.436369][T20307] total_mapped_file 0
[  329.436376][T20307] total_dirty 0
[  329.436383][T20307] total_writeback 0
[  329.436390][T20307] total_workingset_refault_anon 593
[  329.436397][T20307] total_workingset_refault_file 5973
[  329.460327][T20333] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  329.464546][T20307] total_swap 389120
[  329.464555][T20307] total_swapcached 8192
[  329.464564][T20307] total_pgpgin 220833
[  329.473780][   T29] kauditd_printk_skb: 281 callbacks suppressed
[  329.473794][   T29] audit: type=1326 audit(1767910400.152:47126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20332 comm="syz.4.4066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  329.474740][T20307] total_pgpgout 220823
[  329.474750][T20307] total_pgfault 235672
[  329.474759][T20307] total_pgmajfault 405
[  329.474767][T20307] total_inactive_anon 0
[  329.480369][   T29] audit: type=1326 audit(1767910400.162:47127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20332 comm="syz.4.4066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  329.482170][T20307] total_active_anon 8192
[  329.482181][T20307] total_inactive_file 0
[  329.482190][T20307] total_active_file 32768
[  329.485965][   T29] audit: type=1326 audit(1767910400.162:47128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20332 comm="syz.4.4066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  329.485987][   T29] audit: type=1326 audit(1767910400.162:47129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20332 comm="syz.4.4066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  329.486038][   T29] audit: type=1326 audit(1767910400.162:47130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20332 comm="syz.4.4066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  329.491251][T20307] total_unevictable 0
[  329.491262][T20307] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null)
[  329.496514][   T29] audit: type=1326 audit(1767910400.162:47131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20332 comm="syz.4.4066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  329.508913][T20307] ,cpuset=/
[  329.512696][   T29] audit: type=1326 audit(1767910400.162:47132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20332 comm="syz.4.4066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  329.516821][T20307] ,mems_allowed=0,oom_memcg=
[  329.520795][   T29] audit: type=1326 audit(1767910400.162:47133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20332 comm="syz.4.4066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  329.520821][   T29] audit: type=1326 audit(1767910400.162:47134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20332 comm="syz.4.4066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  329.526959][T20307] /syz1,task_memcg=
[  329.550613][   T29] audit: type=1326 audit(1767910400.162:47135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20332 comm="syz.4.4066" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  329.554580][T20307] /syz1,task=syz.1.4060,pid=20306,uid=0
[  329.818978][T20307] Memory cgroup out of memory: Killed process 20306 (syz.1.4060) total-vm:93968kB, anon-rss:1140kB, file-rss:22376kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  329.869613][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  330.281832][T15428] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  330.504825][T20359] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4071'.
[  330.689667][T20365] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4073'.
[  330.698825][T20365] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  330.744392][T20367] loop2: detected capacity change from 0 to 1024
[  330.751227][T20367] EXT4-fs: Ignoring removed nomblk_io_submit option
[  330.796983][T20367] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  330.903347][T20371] loop3: detected capacity change from 0 to 512
[  330.916217][T20371] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  330.962632][T20371] EXT4-fs (loop3): 1 truncate cleaned up
[  330.994102][T20371] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  331.116404][T20395] loop4: detected capacity change from 0 to 1024
[  331.123227][T20388] netlink: 'syz.2.4074': attribute type 10 has an invalid length.
[  331.138402][T20395] EXT4-fs: Ignoring removed nomblk_io_submit option
[  331.156023][T20388] bond0: (slave dummy0): Releasing backup interface
[  331.164487][T20388] team0: Port device dummy0 added
[  331.172066][T20388] netlink: 'syz.2.4074': attribute type 10 has an invalid length.
[  331.181210][T20395] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  331.193594][T20388] team0: Port device dummy0 removed
[  331.215076][T20388] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  331.270651][T20402] netlink: 'syz.4.4082': attribute type 10 has an invalid length.
[  331.280382][T20402] bond0: (slave dummy0): Releasing backup interface
[  331.287640][T20402] dummy0: left allmulticast mode
[  331.293800][T20402] netlink: 'syz.4.4082': attribute type 10 has an invalid length.
[  331.302124][T20402] dummy0: left promiscuous mode
[  331.308546][T20402] dummy0: entered allmulticast mode
[  331.313844][T20402] dummy0: entered promiscuous mode
[  331.329420][T20402] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  331.340808][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  331.365373][T20407] loop3: detected capacity change from 0 to 1024
[  331.372404][T20407] EXT4-fs: Ignoring removed nomblk_io_submit option
[  331.390057][T20407] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  331.473458][T20411] netlink: 'syz.3.4083': attribute type 10 has an invalid length.
[  331.485752][T20366] syz.2.4074 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  331.496745][T20366] CPU: 0 UID: 0 PID: 20366 Comm: syz.2.4074 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  331.496774][T20366] Tainted: [W]=WARN
[  331.496778][T20366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  331.496785][T20366] Call Trace:
[  331.496790][T20366]  <TASK>
[  331.496842][T20366]  __dump_stack+0x1d/0x30
[  331.496857][T20366]  dump_stack_lvl+0x95/0xd0
[  331.496870][T20366]  dump_stack+0x15/0x1b
[  331.496881][T20366]  dump_header+0x81/0x240
[  331.496898][T20366]  oom_kill_process+0x295/0x350
[  331.496912][T20366]  out_of_memory+0x97b/0xb80
[  331.496968][T20366]  try_charge_memcg+0x610/0xa10
[  331.497007][T20366]  charge_memcg+0x51/0xc0
[  331.497031][T20366]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  331.497050][T20366]  __read_swap_cache_async+0x17b/0x2d0
[  331.497125][T20366]  swap_cluster_readahead+0x262/0x3c0
[  331.497191][T20366]  swapin_readahead+0xde/0x820
[  331.497206][T20366]  ? __rcu_read_unlock+0x4f/0x70
[  331.497271][T20366]  ? __perf_event_task_sched_in+0xa5b/0xac0
[  331.497284][T20366]  ? __list_add_valid_or_report+0x38/0xe0
[  331.497328][T20366]  ? __rcu_read_unlock+0x4f/0x70
[  331.497339][T20366]  ? swap_cache_get_folio+0x277/0x280
[  331.497359][T20366]  do_swap_page+0x2b4/0x21e0
[  331.497409][T20366]  ? _raw_spin_unlock+0x26/0x50
[  331.497461][T20366]  ? __schedule+0x85f/0xcd0
[  331.497474][T20366]  ? __pfx_default_wake_function+0x10/0x10
[  331.497506][T20366]  handle_mm_fault+0x9d8/0x2c60
[  331.497528][T20366]  do_user_addr_fault+0x630/0x1080
[  331.497613][T20366]  exc_page_fault+0x62/0xa0
[  331.497628][T20366]  asm_exc_page_fault+0x26/0x30
[  331.497640][T20366] RIP: 0033:0x7f7671e359ec
[  331.497650][T20366] Code: 66 0f 1f 44 00 00 69 3d c6 fc ea 00 e8 03 00 00 48 8d 1d c7 05 38 00 e8 c2 9c 12 00 eb 0c 48 81 c3 f0 00 00 00 48 39 eb 74 24 <80> 7b 20 00 74 ee 8b 43 0c 85 c0 74 e7 48 89 df 48 81 c3 f0 00 00
[  331.497717][T20366] RSP: 002b:00007ffee0ea5660 EFLAGS: 00010202
[  331.497727][T20366] RAX: 0000000000000000 RBX: 00007f76721b5fa0 RCX: 0000000000000000
[  331.497740][T20366] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000055557e52c808
[  331.497747][T20366] RBP: 00007f76721b7da0 R08: 0000000000000000 R09: 7fffffffffffffff
[  331.497754][T20366] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000050f1f
[  331.497761][T20366] R13: 00007f76721b6180 R14: ffffffffffffffff R15: 00007ffee0ea5770
[  331.497772][T20366]  </TASK>
[  331.497835][T20366] memory: usage 307200kB, limit 307200kB, failcnt 4284
[  331.536932][T20412] netlink: 'syz.3.4083': attribute type 10 has an invalid length.
[  331.537984][T20366] memory+swap: usage 308100kB, limit 9007199254740988kB, failcnt 0
[  331.538001][T20366] kmem: usage 307048kB, limit 9007199254740988kB, failcnt 0
[  331.755087][T20366] Memory cgroup stats for /syz2:
[  331.755594][T20366] cache 8192
[  331.763750][T20366] rss 0
[  331.766508][T20366] shmem 0
[  331.769451][T20366] mapped_file 0
[  331.772979][T20366] dirty 0
[  331.775896][T20366] writeback 12288
[  331.779628][T20366] workingset_refault_anon 977
[  331.784357][T20366] workingset_refault_file 2269
[  331.786108][T20411] bond0: (slave dummy0): Releasing backup interface
[  331.789197][T20366] swap 921600
[  331.789207][T20366] swapcached 16384
[  331.802782][T20366] pgpgin 183474
[  331.806301][T20366] pgpgout 183436
[  331.809844][T20366] pgfault 323576
[  331.813421][T20366] pgmajfault 639
[  331.816941][T20366] inactive_anon 16384
[  331.820909][T20366] active_anon 0
[  331.824411][T20366] inactive_file 135168
[  331.828467][T20366] active_file 4096
[  331.832206][T20366] unevictable 0
[  331.835649][T20366] hierarchical_memory_limit 314572800
[  331.841011][T20366] hierarchical_memsw_limit 9223372036854771712
[  331.847133][T20366] total_cache 8192
[  331.850837][T20366] total_rss 0
[  331.854114][T20366] total_shmem 0
[  331.857549][T20366] total_mapped_file 0
[  331.861607][T20366] total_dirty 0
[  331.865056][T20366] total_writeback 12288
[  331.869241][T20366] total_workingset_refault_anon 977
[  331.874430][T20366] total_workingset_refault_file 2269
[  331.879791][T20366] total_swap 921600
[  331.883657][T20366] total_swapcached 16384
[  331.887889][T20366] total_pgpgin 183474
[  331.891885][T20366] total_pgpgout 183436
[  331.895932][T20366] total_pgfault 323576
[  331.900086][T20366] total_pgmajfault 639
[  331.904137][T20366] total_inactive_anon 16384
[  331.908635][T20366] total_active_anon 0
[  331.912596][T20366] total_inactive_file 135168
[  331.917221][T20366] total_active_file 4096
[  331.921468][T20366] total_unevictable 0
[  331.925431][T20366] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.4074,pid=20366,uid=0
[  331.940266][T20366] Memory cgroup out of memory: Killed process 20366 (syz.2.4074) total-vm:96148kB, anon-rss:1136kB, file-rss:22704kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000
[  331.961944][T20412] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  332.015468][T20419] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4085'.
[  332.031946][T20419] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  332.201779][T20421] dummy0: entered promiscuous mode
[  332.210228][T20424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  332.218822][T20424] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  332.234553][T20421] macvtap1: entered allmulticast mode
[  332.240322][T20421] bond0: entered allmulticast mode
[  332.255879][T13253] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.258210][T20421] dummy0: entered allmulticast mode
[  332.284262][T20421] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  332.291972][T15428] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.323147][T20421] bond0: left allmulticast mode
[  332.341906][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.357237][T20421] dummy0: left allmulticast mode
[  332.362246][T20421] dummy0: left promiscuous mode
[  332.391907][T20417] lo speed is unknown, defaulting to 1000
[  332.397888][T20417] lo speed is unknown, defaulting to 1000
[  332.431364][T20434] lo speed is unknown, defaulting to 1000
[  332.459894][T20434] lo speed is unknown, defaulting to 1000
[  332.483546][T20468] loop2: detected capacity change from 0 to 128
[  332.492649][T20468] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  332.517767][T20468] ext4 filesystem being mounted at /240/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  332.548341][T20468] netlink: 700 bytes leftover after parsing attributes in process `syz.2.4091'.
[  332.587353][T20477] loop3: detected capacity change from 0 to 1024
[  332.613717][T20477] EXT4-fs: inline encryption not supported
[  332.650529][T20477] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  332.801260][T20477] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt.
[  332.970152][T20517] bond0: (slave dummy0): Releasing backup interface
[  332.994535][T20517] dummy0: left allmulticast mode
[  332.999531][T20517] dummy0: left promiscuous mode
[  333.010144][T20518] random: crng reseeded on system resumption
[  333.022801][T20518] netlink: 'syz.4.4097': attribute type 10 has an invalid length.
[  333.029151][T20517] bridge_slave_0: left allmulticast mode
[  333.030762][T20518] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4097'.
[  333.036225][T20517] bridge_slave_0: left promiscuous mode
[  333.050822][T20517] bridge0: port 1(bridge_slave_0) entered disabled state
[  333.059772][T20517] bridge_slave_1: left allmulticast mode
[  333.065392][T20517] bridge_slave_1: left promiscuous mode
[  333.071104][T20517] bridge0: port 2(bridge_slave_1) entered disabled state
[  333.080088][T20517] bond0: (slave bond_slave_0): Releasing backup interface
[  333.087903][T20517] bond_slave_0: left allmulticast mode
[  333.093464][T20517] bond_slave_0: left promiscuous mode
[  333.100741][T20517] bond0: (slave bond_slave_1): Releasing backup interface
[  333.109670][T20517] bond_slave_1: left allmulticast mode
[  333.115133][T20517] bond_slave_1: left promiscuous mode
[  333.124899][T20517] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  333.141862][T20518] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check.
[  333.184211][T20521] loop4: detected capacity change from 0 to 1024
[  333.191371][T20521] EXT4-fs: Ignoring removed nomblk_io_submit option
[  333.209707][T20521] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  333.284500][T20525] netlink: 'syz.4.4098': attribute type 10 has an invalid length.
[  333.294854][T20525] dummy0: entered allmulticast mode
[  333.300165][T20525] dummy0: entered promiscuous mode
[  333.306624][T20525] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  333.326352][T13253] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  333.352551][T20529] loop2: detected capacity change from 0 to 1024
[  333.359654][T20529] EXT4-fs: Ignoring removed nomblk_io_submit option
[  333.371668][T20529] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  333.436440][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  333.460431][T20533] bond0: (slave dummy0): Releasing backup interface
[  333.471167][T20533] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  333.482568][T20533] team0: Failed to send options change via netlink (err -105)
[  333.490161][T20533] team0: Port device dummy0 added
[  333.511792][T20541] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4102'.
[  333.514476][T20533] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  333.543183][T20533] team0: Failed to send options change via netlink (err -105)
[  333.557649][T20533] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  333.583062][T20533] team0: Port device dummy0 removed
[  333.597764][T20533] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  333.690759][T20548] loop3: detected capacity change from 0 to 512
[  333.697856][T20548] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  333.709000][T20548] EXT4-fs (loop3): orphan cleanup on readonly fs
[  333.715560][T20548] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix.
[  333.730147][T20548] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  333.736727][T20548] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.4100: bad orphan inode 768
[  333.747925][T20548] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  333.766297][T20548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=20548 comm=syz.3.4100
[  333.779184][T20548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=20548 comm=syz.3.4100
[  333.791948][T20548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=20548 comm=syz.3.4100
[  333.804677][T20548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=20548 comm=syz.3.4100
[  333.817479][T20548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2562 sclass=netlink_route_socket pid=20548 comm=syz.3.4100
[  333.830163][T20548] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=20548 comm=syz.3.4100
[  333.896193][T20521] syz.4.4098 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  333.910341][T20521] CPU: 0 UID: 0 PID: 20521 Comm: syz.4.4098 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  333.910373][T20521] Tainted: [W]=WARN
[  333.910381][T20521] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  333.910393][T20521] Call Trace:
[  333.910408][T20521]  <TASK>
[  333.910417][T20521]  __dump_stack+0x1d/0x30
[  333.910443][T20521]  dump_stack_lvl+0x95/0xd0
[  333.910463][T20521]  dump_stack+0x15/0x1b
[  333.910484][T20521]  dump_header+0x81/0x240
[  333.910565][T20521]  oom_kill_process+0x295/0x350
[  333.910585][T20521]  out_of_memory+0x97b/0xb80
[  333.910606][T20521]  try_charge_memcg+0x610/0xa10
[  333.910679][T20521]  obj_cgroup_charge_pages+0xa6/0x150
[  333.910708][T20521]  __memcg_kmem_charge_page+0x9f/0x170
[  333.910734][T20521]  __alloc_frozen_pages_noprof+0x18f/0x360
[  333.910783][T20521]  alloc_pages_mpol+0xb3/0x260
[  333.910810][T20521]  alloc_pages_noprof+0x90/0x130
[  333.910841][T20521]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  333.911005][T20521]  __kvmalloc_node_noprof+0x492/0x6b0
[  333.911034][T20521]  ? ip_set_alloc+0x24/0x30
[  333.911058][T20521]  ? ip_set_alloc+0x24/0x30
[  333.911108][T20521]  ? __slab_alloc+0x25/0x50
[  333.911131][T20521]  ip_set_alloc+0x24/0x30
[  333.911155][T20521]  hash_netiface_create+0x282/0x740
[  333.911188][T20521]  ? __pfx_hash_netiface_create+0x10/0x10
[  333.911259][T20521]  ip_set_create+0x3cc/0x970
[  333.911296][T20521]  ? __nla_parse+0x40/0x60
[  333.911379][T20521]  nfnetlink_rcv_msg+0x4c6/0x590
[  333.911419][T20521]  netlink_rcv_skb+0x123/0x220
[  333.911443][T20521]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  333.911480][T20521]  nfnetlink_rcv+0x167/0x16c0
[  333.911552][T20521]  ? kmem_cache_free+0xe3/0x3a0
[  333.911577][T20521]  ? __kfree_skb+0x109/0x150
[  333.911603][T20521]  ? nlmon_xmit+0x4f/0x60
[  333.911623][T20521]  ? consume_skb+0x49/0x150
[  333.911676][T20521]  ? nlmon_xmit+0x4f/0x60
[  333.911692][T20521]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  333.911718][T20521]  ? __dev_queue_xmit+0x13a6/0x1ee0
[  333.911794][T20521]  ? __dev_queue_xmit+0x148/0x1ee0
[  333.911822][T20521]  ? ref_tracker_free+0x37d/0x3e0
[  333.911858][T20521]  ? __netlink_deliver_tap+0x4dc/0x500
[  333.911936][T20521]  netlink_unicast+0x5c0/0x690
[  333.911967][T20521]  netlink_sendmsg+0x58b/0x6b0
[  333.912005][T20521]  ? __pfx_netlink_sendmsg+0x10/0x10
[  333.912037][T20521]  __sock_sendmsg+0x145/0x180
[  333.912059][T20521]  ____sys_sendmsg+0x31e/0x4a0
[  333.912209][T20521]  ___sys_sendmsg+0x17b/0x1d0
[  333.912256][T20521]  __x64_sys_sendmsg+0xd4/0x160
[  333.912290][T20521]  x64_sys_call+0x17ba/0x3000
[  333.912313][T20521]  do_syscall_64+0xca/0x2b0
[  333.912376][T20521]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  333.912400][T20521] RIP: 0033:0x7f216880f749
[  333.912418][T20521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  333.912500][T20521] RSP: 002b:00007f216726f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  333.912583][T20521] RAX: ffffffffffffffda RBX: 00007f2168a65fa0 RCX: 00007f216880f749
[  333.912595][T20521] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006
[  333.912607][T20521] RBP: 00007f2168893f91 R08: 0000000000000000 R09: 0000000000000000
[  333.912618][T20521] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  333.912630][T20521] R13: 00007f2168a66038 R14: 00007f2168a65fa0 R15: 00007ffe212face8
[  333.912647][T20521]  </TASK>
[  333.912653][T20521] memory: usage 307200kB, limit 307200kB, failcnt 6619
[  334.250105][T20521] memory+swap: usage 307912kB, limit 9007199254740988kB, failcnt 0
[  334.257973][T20521] kmem: usage 307056kB, limit 9007199254740988kB, failcnt 0
[  334.265255][T20521] Memory cgroup stats for /syz4:
[  334.265603][T20521] cache 8192
[  334.273833][T20521] rss 0
[  334.276591][T20521] shmem 0
[  334.279557][T20521] mapped_file 0
[  334.282996][T20521] dirty 0
[  334.285920][T20521] writeback 0
[  334.289202][T20521] workingset_refault_anon 2939
[  334.293943][T20521] workingset_refault_file 8718
[  334.298700][T20521] swap 729088
[  334.302032][T20521] swapcached 4096
[  334.305635][T20521] pgpgin 221578
[  334.309083][T20521] pgpgout 221542
[  334.312656][T20521] pgfault 285406
[  334.316182][T20521] pgmajfault 1155
[  334.319803][T20521] inactive_anon 0
[  334.323439][T20521] active_anon 4096
[  334.327135][T20521] inactive_file 0
[  334.330790][T20521] active_file 143360
[  334.334668][T20521] unevictable 0
[  334.338120][T20521] hierarchical_memory_limit 314572800
[  334.343614][T20521] hierarchical_memsw_limit 9223372036854771712
[  334.349839][T20521] total_cache 8192
[  334.353551][T20521] total_rss 0
[  334.356820][T20521] total_shmem 0
[  334.360329][T20521] total_mapped_file 0
[  334.364287][T20521] total_dirty 0
[  334.367755][T20521] total_writeback 0
[  334.371550][T20521] total_workingset_refault_anon 2939
[  334.376803][T20521] total_workingset_refault_file 8718
[  334.382071][T20521] total_swap 729088
[  334.385872][T20521] total_swapcached 4096
[  334.390012][T20521] total_pgpgin 221578
[  334.393971][T20521] total_pgpgout 221542
[  334.398021][T20521] total_pgfault 285406
[  334.402076][T20521] total_pgmajfault 1155
[  334.406228][T20521] total_inactive_anon 0
[  334.410412][T20521] total_active_anon 4096
[  334.414640][T20521] total_inactive_file 0
[  334.418827][T20521] total_active_file 143360
[  334.423224][T20521] total_unevictable 0
[  334.427201][T20521] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4098,pid=20520,uid=0
[  334.441951][T20521] Memory cgroup out of memory: Killed process 20520 (syz.4.4098) total-vm:93968kB, anon-rss:1264kB, file-rss:22312kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[  334.478474][   T29] kauditd_printk_skb: 1205 callbacks suppressed
[  334.478487][   T29] audit: type=1326 audit(1767910405.152:48341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20546 comm="syz.1.4104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fe6cf752005 code=0x7ffc0000
[  334.548970][T15428] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  334.557369][   T29] audit: type=1326 audit(1767910405.182:48342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20546 comm="syz.1.4104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fe6cf71f749 code=0x7ffc0000
[  334.581595][   T29] audit: type=1326 audit(1767910405.182:48343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20546 comm="syz.1.4104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fe6cf71f749 code=0x7ffc0000
[  334.606108][T13253] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  334.640083][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  334.671658][T20566] loop3: detected capacity change from 0 to 128
[  334.706696][   T29] audit: type=1326 audit(1767910405.372:48344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20571 comm="syz.1.4112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6cf71f749 code=0x7ffc0000
[  334.740593][T20574] loop4: detected capacity change from 0 to 128
[  334.748951][   T29] audit: type=1326 audit(1767910405.372:48345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20571 comm="syz.1.4112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6cf71f749 code=0x7ffc0000
[  334.772631][   T29] audit: type=1326 audit(1767910405.372:48346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20571 comm="syz.1.4112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe6cf71f749 code=0x7ffc0000
[  334.796170][   T29] audit: type=1326 audit(1767910405.372:48347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20571 comm="syz.1.4112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6cf71f749 code=0x7ffc0000
[  334.819846][   T29] audit: type=1326 audit(1767910405.372:48348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20571 comm="syz.1.4112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6cf71f749 code=0x7ffc0000
[  334.843399][   T29] audit: type=1326 audit(1767910405.382:48349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20571 comm="syz.1.4112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe6cf71f749 code=0x7ffc0000
[  334.867004][   T29] audit: type=1326 audit(1767910405.382:48350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20571 comm="syz.1.4112" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6cf71f749 code=0x7ffc0000
[  335.002391][T20574] bio_check_eod: 214 callbacks suppressed
[  335.002405][T20574] syz.4.4111: attempt to access beyond end of device
[  335.002405][T20574] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128
[  335.023170][T20574] syz.4.4111: attempt to access beyond end of device
[  335.023170][T20574] loop4: rw=2049, sector=185, nr_sectors = 16 limit=128
[  335.045935][T20589] loop3: detected capacity change from 0 to 512
[  335.056149][T20589] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  335.066547][T20574] syz.4.4111: attempt to access beyond end of device
[  335.066547][T20574] loop4: rw=2049, sector=209, nr_sectors = 8 limit=128
[  335.066589][T20574] syz.4.4111: attempt to access beyond end of device
[  335.066589][T20574] loop4: rw=2049, sector=225, nr_sectors = 8 limit=128
[  335.066626][T20574] syz.4.4111: attempt to access beyond end of device
[  335.066626][T20574] loop4: rw=2049, sector=241, nr_sectors = 8 limit=128
[  335.066723][T20574] syz.4.4111: attempt to access beyond end of device
[  335.066723][T20574] loop4: rw=2049, sector=257, nr_sectors = 8 limit=128
[  335.066758][T20574] syz.4.4111: attempt to access beyond end of device
[  335.066758][T20574] loop4: rw=2049, sector=273, nr_sectors = 8 limit=128
[  335.066864][T20574] syz.4.4111: attempt to access beyond end of device
[  335.066864][T20574] loop4: rw=2049, sector=289, nr_sectors = 8 limit=128
[  335.066958][T20574] syz.4.4111: attempt to access beyond end of device
[  335.066958][T20574] loop4: rw=2049, sector=305, nr_sectors = 8 limit=128
[  335.067002][T20574] syz.4.4111: attempt to access beyond end of device
[  335.067002][T20574] loop4: rw=2049, sector=321, nr_sectors = 8 limit=128
[  335.195738][T20589] EXT4-fs (loop3): 1 truncate cleaned up
[  335.204544][T20589] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  335.221954][T20600] loop4: detected capacity change from 0 to 512
[  335.231604][T20600] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  335.244843][T20600] ext4 filesystem being mounted at /219/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  335.264981][T20600] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #18: comm syz.4.4118: corrupted inode contents
[  335.277273][T20600] EXT4-fs error (device loop4): ext4_dirty_inode:6502: inode #18: comm syz.4.4118: mark_inode_dirty error
[  335.289239][T20600] EXT4-fs error (device loop4): ext4_do_update_inode:5617: inode #18: comm syz.4.4118: corrupted inode contents
[  335.301338][T20600] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3000: inode #18: comm syz.4.4118: mark_inode_dirty error
[  335.313566][T20600] EXT4-fs error (device loop4): ext4_xattr_delete_inode:3003: inode #18: comm syz.4.4118: mark inode dirty (error -117)
[  335.326495][T20600] EXT4-fs warning (device loop4): ext4_evict_inode:273: xattr delete (err -117)
[  335.351758][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  335.375002][T20609] loop3: detected capacity change from 0 to 512
[  335.382270][T20609] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  335.392234][T20609] EXT4-fs (loop3): orphan cleanup on readonly fs
[  335.398929][T20609] EXT4-fs warning (device loop3): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix.
[  335.413459][T20609] EXT4-fs (loop3): Cannot turn on quotas: error -22
[  335.420036][T20609] EXT4-fs error (device loop3): ext4_orphan_get:1417: comm syz.3.4119: bad orphan inode 768
[  335.430633][T20609] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  335.444061][T20609] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=20609 comm=syz.3.4119
[  335.456834][T20609] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=20609 comm=syz.3.4119
[  335.469547][T20609] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=20609 comm=syz.3.4119
[  335.482288][T20609] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=20609 comm=syz.3.4119
[  335.502960][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  336.149776][T15428] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  336.261524][T20643] netlink: 40 bytes leftover after parsing attributes in process `ÿ'.
[  336.322960][T20652] EXT4-fs: Ignoring removed nomblk_io_submit option
[  336.349854][T20652] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  336.467870][T20658] validate_nla: 3 callbacks suppressed
[  336.467882][T20658] netlink: 'syz.4.4130': attribute type 10 has an invalid length.
[  336.504189][T20658] bond0: (slave dummy0): Releasing backup interface
[  336.512615][T20658] dummy0: left allmulticast mode
[  336.579802][T20658] netlink: 'syz.4.4130': attribute type 10 has an invalid length.
[  336.613116][T20658] dummy0: left promiscuous mode
[  336.650593][T20658] dummy0: entered allmulticast mode
[  336.655884][T20658] dummy0: entered promiscuous mode
[  336.697946][T20658] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  336.942016][T20669] lo speed is unknown, defaulting to 1000
[  336.944753][T20671] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4135'.
[  336.958450][T20669] lo speed is unknown, defaulting to 1000
[  337.056021][T20651] syz.4.4130 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  337.067081][T20651] CPU: 0 UID: 0 PID: 20651 Comm: syz.4.4130 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  337.067113][T20651] Tainted: [W]=WARN
[  337.067119][T20651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  337.067130][T20651] Call Trace:
[  337.067135][T20651]  <TASK>
[  337.067142][T20651]  __dump_stack+0x1d/0x30
[  337.067209][T20651]  dump_stack_lvl+0x95/0xd0
[  337.067233][T20651]  dump_stack+0x15/0x1b
[  337.067253][T20651]  dump_header+0x81/0x240
[  337.067271][T20651]  oom_kill_process+0x295/0x350
[  337.067357][T20651]  out_of_memory+0x97b/0xb80
[  337.067376][T20651]  try_charge_memcg+0x610/0xa10
[  337.067433][T20651]  charge_memcg+0x51/0xc0
[  337.067491][T20651]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  337.067550][T20651]  __read_swap_cache_async+0x17b/0x2d0
[  337.067638][T20651]  swap_cluster_readahead+0x262/0x3c0
[  337.067665][T20651]  swapin_readahead+0xde/0x820
[  337.067692][T20651]  ? __rcu_read_unlock+0x4f/0x70
[  337.067720][T20651]  ? swap_cache_get_folio+0x277/0x280
[  337.067817][T20651]  do_swap_page+0x2b4/0x21e0
[  337.067863][T20651]  ? _raw_spin_unlock+0x26/0x50
[  337.067887][T20651]  ? __schedule+0x85f/0xcd0
[  337.067910][T20651]  ? __pfx_default_wake_function+0x10/0x10
[  337.067949][T20651]  handle_mm_fault+0x9d8/0x2c60
[  337.067983][T20651]  do_user_addr_fault+0x630/0x1080
[  337.068008][T20651]  exc_page_fault+0x62/0xa0
[  337.068031][T20651]  asm_exc_page_fault+0x26/0x30
[  337.068053][T20651] RIP: 0033:0x7f2168842008
[  337.068070][T20651] Code: 3c 24 48 89 4c 24 18 e8 f6 54 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 8b 74 24 0c 8b 3c 24 b8 e6 00 00 00 0f 05 44 89 c7 <48> 89 04 24 e8 4f 55 ff ff 48 8b 04 24 48 83 c4 28 f7 d8 c3 0f 1f
[  337.068089][T20651] RSP: 002b:00007ffe212fade0 EFLAGS: 00010293
[  337.068107][T20651] RAX: 0000000000000000 RBX: 00007f2168a65fa0 RCX: 00007f2168842005
[  337.068119][T20651] RDX: 00007ffe212fae20 RSI: 0000000000000000 RDI: 0000000000000000
[  337.068195][T20651] RBP: 00007f2168a67da0 R08: 0000000000000000 R09: 7fffffffffffffff
[  337.068209][T20651] R10: 0000000000000000 R11: 0000000000000293 R12: 00000000000524eb
[  337.068223][T20651] R13: 00007f2168a66180 R14: ffffffffffffffff R15: 00007ffe212faf60
[  337.068243][T20651]  </TASK>
[  337.278422][T20651] memory: usage 307200kB, limit 307200kB, failcnt 6868
[  337.285253][T20651] memory+swap: usage 307924kB, limit 9007199254740988kB, failcnt 0
[  337.293162][T20651] kmem: usage 307040kB, limit 9007199254740988kB, failcnt 0
[  337.300550][T20651] Memory cgroup stats for /syz4:
[  337.301308][T20651] cache 28672
[  337.309534][T20651] rss 0
[  337.312282][T20651] shmem 0
[  337.315206][T20651] mapped_file 0
[  337.318682][T20651] dirty 0
[  337.321622][T20651] writeback 0
[  337.324891][T20651] workingset_refault_anon 3010
[  337.329775][T20651] workingset_refault_file 8718
[  337.334662][T20651] swap 741376
[  337.338018][T20651] swapcached 0
[  337.341406][T20651] pgpgin 222758
[  337.344931][T20651] pgpgout 222718
[  337.348609][T20651] pgfault 286761
[  337.352142][T20651] pgmajfault 1215
[  337.355766][T20651] inactive_anon 0
[  337.359413][T20651] active_anon 0
[  337.362862][T20651] inactive_file 0
[  337.366511][T20651] active_file 163840
[  337.370397][T20651] unevictable 0
[  337.373864][T20651] hierarchical_memory_limit 314572800
[  337.379333][T20651] hierarchical_memsw_limit 9223372036854771712
[  337.385471][T20651] total_cache 28672
[  337.389489][T20651] total_rss 0
[  337.392857][T20651] total_shmem 0
[  337.396366][T20651] total_mapped_file 0
[  337.400366][T20651] total_dirty 0
[  337.403812][T20651] total_writeback 0
[  337.407609][T20651] total_workingset_refault_anon 3010
[  337.412914][T20651] total_workingset_refault_file 8718
[  337.418268][T20651] total_swap 741376
[  337.422064][T20651] total_swapcached 0
[  337.425944][T20651] total_pgpgin 222758
[  337.429924][T20651] total_pgpgout 222718
[  337.434028][T20651] total_pgfault 286761
[  337.438149][T20651] total_pgmajfault 1215
[  337.442316][T20651] total_inactive_anon 0
[  337.446454][T20651] total_active_anon 0
[  337.450442][T20651] total_inactive_file 0
[  337.454647][T20651] total_active_file 163840
[  337.459078][T20651] total_unevictable 0
[  337.463109][T20651] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4130,pid=20651,uid=0
[  337.477832][T20651] Memory cgroup out of memory: Killed process 20651 (syz.4.4130) total-vm:96148kB, anon-rss:1136kB, file-rss:22316kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[  337.529074][T15428] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.571749][T20715] lo speed is unknown, defaulting to 1000
[  337.577931][T20715] lo speed is unknown, defaulting to 1000
[  337.679012][T20725] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4146'.
[  337.688195][T20725] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  337.696258][T20699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  337.705043][T20699] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  337.754937][T20699] set_capacity_and_notify: 3 callbacks suppressed
[  337.754952][T20699] loop3: detected capacity change from 0 to 256
[  337.771974][T20699] FAT-fs (loop3): bogus number of FAT sectors
[  337.778052][T20699] FAT-fs (loop3): Can't find a valid FAT filesystem
[  337.790601][T11081] Bluetooth: hci0: Frame reassembly failed (-84)
[  337.815219][T20730] loop2: detected capacity change from 0 to 512
[  337.828232][T20730] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  337.846348][T20730] EXT4-fs (loop2): 1 truncate cleaned up
[  337.855852][T20730] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  338.024097][T20773] xt_hashlimit: max too large, truncated to 1048576
[  338.031372][T20773] xt_CT: You must specify a L4 protocol and not use inversions on it
[  338.065138][T13253] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  339.159890][T20805] Set syz1 is full, maxelem 65536 reached
[  339.197942][T20812] loop3: detected capacity change from 0 to 128
[  339.220786][T20818] netlink: 68 bytes leftover after parsing attributes in process `syz.4.4167'.
[  339.277029][T20824] loop2: detected capacity change from 0 to 512
[  339.310362][T20824] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  339.332506][T20824] EXT4-fs (loop2): orphan cleanup on readonly fs
[  339.342226][T20824] EXT4-fs warning (device loop2): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix.
[  339.356969][T20824] EXT4-fs (loop2): Cannot turn on quotas: error -22
[  339.363644][T20824] EXT4-fs error (device loop2): ext4_orphan_get:1417: comm syz.2.4168: bad orphan inode 768
[  339.404555][T20824] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  339.425727][T20824] selinux_netlink_send: 2 callbacks suppressed
[  339.425822][T20824] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=20824 comm=syz.2.4168
[  339.444904][T20824] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=20824 comm=syz.2.4168
[  339.457604][T20824] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=20824 comm=syz.2.4168
[  339.470316][T20824] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=20824 comm=syz.2.4168
[  339.483027][T20824] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2562 sclass=netlink_route_socket pid=20824 comm=syz.2.4168
[  339.495844][T20824] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=20824 comm=syz.2.4168
[  339.551579][T13253] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  339.574893][T20847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4174'.
[  339.586370][T20843] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4173'.
[  339.598440][T20847] team0 (unregistering): Port device team_slave_0 removed
[  339.607298][T20847] team0 (unregistering): Port device team_slave_1 removed
[  339.688920][   T29] kauditd_printk_skb: 866 callbacks suppressed
[  339.688936][   T29] audit: type=1326 audit(1767910410.362:49217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20886 comm="syz.0.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46143f749 code=0x7ffc0000
[  339.719111][   T29] audit: type=1326 audit(1767910410.362:49218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20886 comm="syz.0.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46143f749 code=0x7ffc0000
[  339.742745][   T29] audit: type=1326 audit(1767910410.362:49219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20886 comm="syz.0.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fc46143f749 code=0x7ffc0000
[  339.766271][   T29] audit: type=1326 audit(1767910410.362:49220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20886 comm="syz.0.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46143f749 code=0x7ffc0000
[  339.789871][   T29] audit: type=1326 audit(1767910410.362:49221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20886 comm="syz.0.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc46143f749 code=0x7ffc0000
[  339.796522][T20851] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  339.813452][   T29] audit: type=1326 audit(1767910410.362:49222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20886 comm="syz.0.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46143f749 code=0x7ffc0000
[  339.822365][T20851] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  339.845350][   T29] audit: type=1326 audit(1767910410.362:49223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20886 comm="syz.0.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7fc46143f749 code=0x7ffc0000
[  339.858285][   T44] Bluetooth: hci0: command 0x1003 tx timeout
[  339.876551][   T29] audit: type=1326 audit(1767910410.362:49224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20886 comm="syz.0.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46143f749 code=0x7ffc0000
[  339.876636][   T29] audit: type=1326 audit(1767910410.362:49225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20886 comm="syz.0.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fc46143f749 code=0x7ffc0000
[  339.888346][ T3625] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  339.906169][   T29] audit: type=1326 audit(1767910410.362:49226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20886 comm="syz.0.4177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc46143f749 code=0x7ffc0000
[  339.929943][T20851] loop2: detected capacity change from 0 to 256
[  339.966399][T20851] FAT-fs (loop2): bogus number of FAT sectors
[  339.972480][T20851] FAT-fs (loop2): Can't find a valid FAT filesystem
[  340.550178][T20908] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4182'.
[  340.615269][T20919] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4183'.
[  340.629078][T20919] loop2: detected capacity change from 0 to 1024
[  340.642119][T20919] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  340.644507][T20918] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=20918 comm=syz.0.4185
[  340.666860][T20918] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=20918 comm=syz.0.4185
[  340.679545][T20918] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=20918 comm=syz.0.4185
[  340.692231][T20918] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=20918 comm=syz.0.4185
[  340.708193][T13253] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  340.753450][T20931] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4187'.
[  340.808347][T11073] Bluetooth: hci0: Frame reassembly failed (-84)
[  341.074657][T20951] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  341.083190][T20951] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  341.382844][T20957] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4194'.
[  341.404976][T20959] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4195'.
[  341.477158][T20967] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4199'.
[  341.499986][T20971] loop3: detected capacity change from 0 to 128
[  341.507766][T20971] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  341.520270][T20971] ext4 filesystem being mounted at /267/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  341.564490][T14613] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  341.655094][T20987] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4206'.
[  341.664152][T20987] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  341.703947][T20997] gtp0: entered promiscuous mode
[  341.730431][T21006] FAULT_INJECTION: forcing a failure.
[  341.730431][T21006] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  341.743509][T21006] CPU: 1 UID: 0 PID: 21006 Comm: syz.1.4212 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  341.743536][T21006] Tainted: [W]=WARN
[  341.743542][T21006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  341.743553][T21006] Call Trace:
[  341.743559][T21006]  <TASK>
[  341.743566][T21006]  __dump_stack+0x1d/0x30
[  341.743650][T21006]  dump_stack_lvl+0x95/0xd0
[  341.743662][T21006]  dump_stack+0x15/0x1b
[  341.743716][T21006]  should_fail_ex+0x265/0x280
[  341.743730][T21006]  should_fail+0xb/0x20
[  341.743740][T21006]  should_fail_usercopy+0x1a/0x20
[  341.743754][T21006]  _copy_from_user+0x1c/0xb0
[  341.743784][T21006]  __copy_msghdr+0x244/0x300
[  341.743812][T21006]  ___sys_sendmsg+0x109/0x1d0
[  341.743894][T21006]  __x64_sys_sendmsg+0xd4/0x160
[  341.743949][T21006]  x64_sys_call+0x17ba/0x3000
[  341.743963][T21006]  do_syscall_64+0xca/0x2b0
[  341.743982][T21006]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  341.744063][T21006] RIP: 0033:0x7fe6cf71f749
[  341.744072][T21006] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  341.744082][T21006] RSP: 002b:00007fe6ce187038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  341.744161][T21006] RAX: ffffffffffffffda RBX: 00007fe6cf975fa0 RCX: 00007fe6cf71f749
[  341.744168][T21006] RDX: 0000000000000840 RSI: 0000200000001600 RDI: 0000000000000003
[  341.744175][T21006] RBP: 00007fe6ce187090 R08: 0000000000000000 R09: 0000000000000000
[  341.744183][T21006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  341.744190][T21006] R13: 00007fe6cf976038 R14: 00007fe6cf975fa0 R15: 00007ffe7525b5a8
[  341.744201][T21006]  </TASK>
[  342.134946][T21014] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  342.143658][T21014] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  342.458816][T21027] loop4: detected capacity change from 0 to 512
[  342.469700][T21027] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  342.501954][T21027] EXT4-fs (loop4): 1 truncate cleaned up
[  342.509987][T21031] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4219'.
[  342.527371][T21031] openvswitch: netlink: Key 0 has unexpected len 2 expected 0
[  342.822771][ T3625] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  342.863247][T21063] netlink: 'syz.1.4226': attribute type 10 has an invalid length.
[  342.886006][T21063] bond0: (slave dummy0): Releasing backup interface
[  342.998377][T21072] loop4: detected capacity change from 0 to 1024
[  343.018743][T21072] EXT4-fs: inline encryption not supported
[  343.027492][T21063] netlink: 'syz.1.4226': attribute type 10 has an invalid length.
[  343.057659][T21063] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  343.227488][T21058] syz.1.4226 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  343.241602][T21058] CPU: 1 UID: 0 PID: 21058 Comm: syz.1.4226 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  343.241634][T21058] Tainted: [W]=WARN
[  343.241638][T21058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  343.241646][T21058] Call Trace:
[  343.241651][T21058]  <TASK>
[  343.241657][T21058]  __dump_stack+0x1d/0x30
[  343.241672][T21058]  dump_stack_lvl+0x95/0xd0
[  343.241753][T21058]  dump_stack+0x15/0x1b
[  343.241765][T21058]  dump_header+0x81/0x240
[  343.241817][T21058]  oom_kill_process+0x295/0x350
[  343.241831][T21058]  out_of_memory+0x97b/0xb80
[  343.241866][T21058]  try_charge_memcg+0x610/0xa10
[  343.241905][T21058]  obj_cgroup_charge_pages+0xa6/0x150
[  343.241926][T21058]  __memcg_kmem_charge_page+0x9f/0x170
[  343.241942][T21058]  __alloc_frozen_pages_noprof+0x18f/0x360
[  343.241960][T21058]  alloc_pages_mpol+0xb3/0x260
[  343.241977][T21058]  alloc_pages_noprof+0x90/0x130
[  343.242043][T21058]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  343.242064][T21058]  __kvmalloc_node_noprof+0x492/0x6b0
[  343.242112][T21058]  ? ip_set_alloc+0x24/0x30
[  343.242190][T21058]  ? ip_set_alloc+0x24/0x30
[  343.242207][T21058]  ip_set_alloc+0x24/0x30
[  343.242235][T21058]  hash_netiface_create+0x282/0x740
[  343.242279][T21058]  ? __pfx_hash_netiface_create+0x10/0x10
[  343.242353][T21058]  ip_set_create+0x3cc/0x970
[  343.242371][T21058]  ? _raw_spin_unlock+0x26/0x50
[  343.242389][T21058]  nfnetlink_rcv_msg+0x4c6/0x590
[  343.242436][T21058]  netlink_rcv_skb+0x123/0x220
[  343.242489][T21058]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  343.242506][T21058]  nfnetlink_rcv+0x167/0x16c0
[  343.242519][T21058]  ? kmem_cache_free+0xe3/0x3a0
[  343.242533][T21058]  ? __kfree_skb+0x109/0x150
[  343.242566][T21058]  ? nlmon_xmit+0x4f/0x60
[  343.242659][T21058]  ? consume_skb+0x49/0x150
[  343.242702][T21058]  ? nlmon_xmit+0x4f/0x60
[  343.242713][T21058]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  343.242729][T21058]  ? __dev_queue_xmit+0x13a6/0x1ee0
[  343.242744][T21058]  ? __dev_queue_xmit+0x148/0x1ee0
[  343.242826][T21058]  ? __account_obj_stock+0x211/0x350
[  343.242837][T21058]  ? ref_tracker_free+0x37d/0x3e0
[  343.242928][T21058]  ? __netlink_deliver_tap+0x4dc/0x500
[  343.242947][T21058]  netlink_unicast+0x5c0/0x690
[  343.242987][T21058]  netlink_sendmsg+0x58b/0x6b0
[  343.243006][T21058]  ? __pfx_netlink_sendmsg+0x10/0x10
[  343.243029][T21058]  __sock_sendmsg+0x145/0x180
[  343.243108][T21058]  ____sys_sendmsg+0x31e/0x4a0
[  343.243176][T21058]  ___sys_sendmsg+0x17b/0x1d0
[  343.243198][T21058]  __x64_sys_sendmsg+0xd4/0x160
[  343.243232][T21058]  x64_sys_call+0x17ba/0x3000
[  343.243324][T21058]  do_syscall_64+0xca/0x2b0
[  343.243371][T21058]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  343.243384][T21058] RIP: 0033:0x7fe6cf71f749
[  343.243394][T21058] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  343.243404][T21058] RSP: 002b:00007fe6ce187038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  343.243416][T21058] RAX: ffffffffffffffda RBX: 00007fe6cf975fa0 RCX: 00007fe6cf71f749
[  343.243434][T21058] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005
[  343.243442][T21058] RBP: 00007fe6cf7a3f91 R08: 0000000000000000 R09: 0000000000000000
[  343.243449][T21058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  343.243456][T21058] R13: 00007fe6cf976038 R14: 00007fe6cf975fa0 R15: 00007ffe7525b5a8
[  343.243467][T21058]  </TASK>
[  343.243502][T21058] memory: usage 307200kB, limit 307200kB, failcnt 6464
[  343.581909][T21058] memory+swap: usage 307576kB, limit 9007199254740988kB, failcnt 0
[  343.589793][T21058] kmem: usage 307156kB, limit 9007199254740988kB, failcnt 0
[  343.597067][T21058] Memory cgroup stats for /syz1:
[  343.597292][T21058] cache 0
[  343.605200][T21058] rss 4096
[  343.608211][T21058] shmem 0
[  343.611205][T21058] mapped_file 0
[  343.614635][T21058] dirty 0
[  343.617588][T21058] writeback 0
[  343.620983][T21058] workingset_refault_anon 689
[  343.625645][T21058] workingset_refault_file 6559
[  343.630427][T21058] swap 385024
[  343.633699][T21058] swapcached 12288
[  343.637533][T21058] pgpgin 234916
[  343.641238][T21058] pgpgout 234905
[  343.644786][T21058] pgfault 251568
[  343.648454][T21058] pgmajfault 487
[  343.652019][T21058] inactive_anon 12288
[  343.655992][T21058] active_anon 0
[  343.659477][T21058] inactive_file 32768
[  343.663644][T21058] active_file 0
[  343.667208][T21058] unevictable 0
[  343.670686][T21058] hierarchical_memory_limit 314572800
[  343.676049][T21058] hierarchical_memsw_limit 9223372036854771712
[  343.682215][T21058] total_cache 0
[  343.685666][T21058] total_rss 4096
[  343.689259][T21058] total_shmem 0
[  343.692700][T21058] total_mapped_file 0
[  343.696654][T21058] total_dirty 0
[  343.700121][T21058] total_writeback 0
[  343.703902][T21058] total_workingset_refault_anon 689
[  343.709158][T21058] total_workingset_refault_file 6559
[  343.714429][T21058] total_swap 385024
[  343.718230][T21058] total_swapcached 12288
[  343.722477][T21058] total_pgpgin 234916
[  343.726430][T21058] total_pgpgout 234905
[  343.730483][T21058] total_pgfault 251568
[  343.734525][T21058] total_pgmajfault 487
[  343.738574][T21058] total_inactive_anon 12288
[  343.743045][T21058] total_active_anon 0
[  343.747021][T21058] total_inactive_file 32768
[  343.747969][T21085] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  343.751526][T21058] total_active_file 0
[  343.751535][T21058] total_unevictable 0
[  343.751543][T21058] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null)
[  343.760559][T21085] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  343.763824][T21058] ,cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4226,pid=21057,uid=0
[  343.792440][T21058] Memory cgroup out of memory: Killed process 21057 (syz.1.4226) total-vm:96016kB, anon-rss:1132kB, file-rss:22316kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  343.881669][T21095] loop4: detected capacity change from 0 to 512
[  343.922676][T21101] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4239'.
[  343.943408][T21095] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  343.961908][T21095] EXT4-fs (loop4): orphan cleanup on readonly fs
[  343.968566][T21095] EXT4-fs warning (device loop4): ext4_enable_quotas:7221: Failed to enable quota tracking (type=0, err=-22, ino=3). Please run e2fsck to fix.
[  343.983193][T21095] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  343.989954][T21095] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.4236: bad orphan inode 768
[  344.020953][T21107] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4242'.
[  344.093099][T21123] loop3: detected capacity change from 0 to 1024
[  344.099829][T21117] netlink: 'syz.1.4237': attribute type 10 has an invalid length.
[  344.116909][T21123] EXT4-fs: inline encryption not supported
[  344.125927][T21117] bond0: (slave dummy0): Releasing backup interface
[  344.168658][T21117] netlink: 'syz.1.4237': attribute type 10 has an invalid length.
[  344.190975][T21117] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  344.454016][T21098] syz.1.4237 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  344.468143][T21098] CPU: 1 UID: 0 PID: 21098 Comm: syz.1.4237 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  344.468190][T21098] Tainted: [W]=WARN
[  344.468197][T21098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  344.468208][T21098] Call Trace:
[  344.468215][T21098]  <TASK>
[  344.468222][T21098]  __dump_stack+0x1d/0x30
[  344.468248][T21098]  dump_stack_lvl+0x95/0xd0
[  344.468365][T21098]  dump_stack+0x15/0x1b
[  344.468431][T21098]  dump_header+0x81/0x240
[  344.468454][T21098]  oom_kill_process+0x295/0x350
[  344.468531][T21098]  out_of_memory+0x97b/0xb80
[  344.468557][T21098]  try_charge_memcg+0x610/0xa10
[  344.468769][T21098]  obj_cgroup_charge_pages+0xa6/0x150
[  344.468804][T21098]  __memcg_kmem_charge_page+0x9f/0x170
[  344.468831][T21098]  __alloc_frozen_pages_noprof+0x18f/0x360
[  344.468922][T21098]  alloc_pages_mpol+0xb3/0x260
[  344.468950][T21098]  alloc_pages_noprof+0x90/0x130
[  344.469013][T21098]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  344.469047][T21098]  __kvmalloc_node_noprof+0x492/0x6b0
[  344.469191][T21098]  ? ip_set_alloc+0x24/0x30
[  344.469240][T21098]  ? ip_set_alloc+0x24/0x30
[  344.469271][T21098]  ip_set_alloc+0x24/0x30
[  344.469294][T21098]  hash_netiface_create+0x282/0x740
[  344.469327][T21098]  ? __pfx_hash_netiface_create+0x10/0x10
[  344.469427][T21098]  ip_set_create+0x3cc/0x970
[  344.469612][T21098]  ? __nla_parse+0x40/0x60
[  344.469635][T21098]  nfnetlink_rcv_msg+0x4c6/0x590
[  344.469777][T21098]  netlink_rcv_skb+0x123/0x220
[  344.469842][T21098]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  344.469875][T21098]  nfnetlink_rcv+0x167/0x16c0
[  344.469974][T21098]  ? kmem_cache_free+0xe3/0x3a0
[  344.470001][T21098]  ? __kfree_skb+0x109/0x150
[  344.470027][T21098]  ? nlmon_xmit+0x4f/0x60
[  344.470044][T21098]  ? consume_skb+0x49/0x150
[  344.470130][T21098]  ? nlmon_xmit+0x4f/0x60
[  344.470188][T21098]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  344.470295][T21098]  ? __dev_queue_xmit+0x13a6/0x1ee0
[  344.470323][T21098]  ? __dev_queue_xmit+0x148/0x1ee0
[  344.470352][T21098]  ? ref_tracker_free+0x37d/0x3e0
[  344.470430][T21098]  ? __netlink_deliver_tap+0x4dc/0x500
[  344.470468][T21098]  netlink_unicast+0x5c0/0x690
[  344.470497][T21098]  netlink_sendmsg+0x58b/0x6b0
[  344.470532][T21098]  ? __pfx_netlink_sendmsg+0x10/0x10
[  344.470709][T21098]  __sock_sendmsg+0x145/0x180
[  344.470834][T21098]  ____sys_sendmsg+0x31e/0x4a0
[  344.470915][T21098]  ___sys_sendmsg+0x17b/0x1d0
[  344.470953][T21098]  __x64_sys_sendmsg+0xd4/0x160
[  344.470985][T21098]  x64_sys_call+0x17ba/0x3000
[  344.471040][T21098]  do_syscall_64+0xca/0x2b0
[  344.471070][T21098]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  344.471089][T21098] RIP: 0033:0x7fe6cf71f749
[  344.471182][T21098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  344.471199][T21098] RSP: 002b:00007fe6ce187038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  344.471295][T21098] RAX: ffffffffffffffda RBX: 00007fe6cf975fa0 RCX: 00007fe6cf71f749
[  344.471374][T21098] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000005
[  344.471388][T21098] RBP: 00007fe6cf7a3f91 R08: 0000000000000000 R09: 0000000000000000
[  344.471402][T21098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  344.471416][T21098] R13: 00007fe6cf976038 R14: 00007fe6cf975fa0 R15: 00007ffe7525b5a8
[  344.471437][T21098]  </TASK>
[  344.698482][   T29] kauditd_printk_skb: 1138 callbacks suppressed
[  344.698598][   T29] audit: type=1326 audit(1767910415.372:50365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21118 comm="syz.0.4245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc461472005 code=0x7ffc0000
[  344.701912][T21098] memory: usage 307200kB, limit 307200kB, failcnt 6922
[  344.707306][   T29] audit: type=1326 audit(1767910415.372:50366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21118 comm="syz.0.4245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc461472005 code=0x7ffc0000
[  344.711337][T21098] memory+swap: usage 307588kB, limit 9007199254740988kB, failcnt 0
[  344.716234][   T29] audit: type=1326 audit(1767910415.392:50367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21118 comm="syz.0.4245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc461472005 code=0x7ffc0000
[  344.721747][T21098] kmem: usage 307168kB, limit 9007199254740988kB, failcnt 0
[  344.726388][   T29] audit: type=1326 audit(1767910415.402:50368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21118 comm="syz.0.4245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc461472005 code=0x7ffc0000
[  344.745805][T21098] Memory cgroup stats for 
[  344.754505][   T29] audit: type=1326 audit(1767910415.432:50369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21118 comm="syz.0.4245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc461472005 code=0x7ffc0000
[  344.762214][T21098] /syz1:
[  344.765391][T21098] cache 0
[  344.770954][   T29] audit: type=1326 audit(1767910415.452:50370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21118 comm="syz.0.4245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc461472005 code=0x7ffc0000
[  344.778161][T21098] rss 0
[  344.778171][T21098] shmem 0
[  344.786410][   T29] audit: type=1326 audit(1767910415.462:50371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21118 comm="syz.0.4245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc461472005 code=0x7ffc0000
[  344.794123][T21098] mapped_file 0
[  344.797362][   T29] audit: type=1326 audit(1767910415.472:50372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21118 comm="syz.0.4245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc461472005 code=0x7ffc0000
[  344.803355][T21098] dirty 0
[  344.803364][T21098] writeback 0
[  344.827378][   T29] audit: type=1326 audit(1767910415.502:50373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21118 comm="syz.0.4245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc461472005 code=0x7ffc0000
[  344.833840][T21098] workingset_refault_anon 819
[  344.833851][T21098] workingset_refault_file 7241
[  344.833860][T21098] swap 397312
[  344.833866][T21098] swapcached 0
[  344.833873][T21098] pgpgin 236041
[  344.873798][   T29] audit: type=1326 audit(1767910415.532:50374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21118 comm="syz.0.4245" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fc461472005 code=0x7ffc0000
[  344.888831][T21098] pgpgout 236033
[  344.888842][T21098] pgfault 252083
[  344.924044][T21098] pgmajfault 576
[  345.116438][T21098] inactive_anon 0
[  345.116449][T21098] active_anon 0
[  345.116456][T21098] inactive_file 0
[  345.116464][T21098] active_file 32768
[  345.130944][T21098] unevictable 0
[  345.134399][T21098] hierarchical_memory_limit 314572800
[  345.139889][T21098] hierarchical_memsw_limit 9223372036854771712
[  345.146025][T21098] total_cache 0
[  345.149500][T21098] total_rss 0
[  345.152848][T21098] total_shmem 0
[  345.156296][T21098] total_mapped_file 0
[  345.160275][T21098] total_dirty 0
[  345.163710][T21098] total_writeback 0
[  345.167492][T21098] total_workingset_refault_anon 819
[  345.172682][T21098] total_workingset_refault_file 7241
[  345.177984][T21098] total_swap 397312
[  345.181777][T21098] total_swapcached 0
[  345.185672][T21098] total_pgpgin 236041
[  345.189648][T21098] total_pgpgout 236033
[  345.193717][T21098] total_pgfault 252083
[  345.197758][T21098] total_pgmajfault 576
[  345.201825][T21098] total_inactive_anon 0
[  345.205950][T21098] total_active_anon 0
[  345.209914][T21098] total_inactive_file 0
[  345.214038][T21098] total_active_file 32768
[  345.218434][T21098] total_unevictable 0
[  345.222472][T21098] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz1,task_memcg=/syz1,task=syz.1.4237,pid=21096,uid=0
[  345.237118][T21098] Memory cgroup out of memory: Killed process 21096 (syz.1.4237) total-vm:93968kB, anon-rss:1260kB, file-rss:22500kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  345.276749][T14613] EXT4-fs unmount: 7 callbacks suppressed
[  345.276764][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.515824][T21149] loop3: detected capacity change from 0 to 512
[  345.594367][T21149] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  345.633989][T21170] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4256'.
[  345.725970][T21149] EXT4-fs (loop3): 1 truncate cleaned up
[  345.758994][T21149] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  345.945244][T21173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  345.954363][T21173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  346.090657][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.292283][T21211] loop4: detected capacity change from 0 to 128
[  346.360591][T21211] bio_check_eod: 430 callbacks suppressed
[  346.360607][T21211] syz.4.4269: attempt to access beyond end of device
[  346.360607][T21211] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128
[  346.380238][T21211] syz.4.4269: attempt to access beyond end of device
[  346.380238][T21211] loop4: rw=2049, sector=185, nr_sectors = 16 limit=128
[  346.393845][T21211] syz.4.4269: attempt to access beyond end of device
[  346.393845][T21211] loop4: rw=2049, sector=209, nr_sectors = 8 limit=128
[  346.407532][T21211] syz.4.4269: attempt to access beyond end of device
[  346.407532][T21211] loop4: rw=2049, sector=225, nr_sectors = 8 limit=128
[  346.426852][T21211] syz.4.4269: attempt to access beyond end of device
[  346.426852][T21211] loop4: rw=2049, sector=241, nr_sectors = 8 limit=128
[  346.442637][T21211] syz.4.4269: attempt to access beyond end of device
[  346.442637][T21211] loop4: rw=2049, sector=257, nr_sectors = 8 limit=128
[  346.456254][T21211] syz.4.4269: attempt to access beyond end of device
[  346.456254][T21211] loop4: rw=2049, sector=273, nr_sectors = 8 limit=128
[  346.677550][T21223] lo speed is unknown, defaulting to 1000
[  346.683790][T21223] lo speed is unknown, defaulting to 1000
[  346.949398][T21225] lo speed is unknown, defaulting to 1000
[  346.955629][T21225] lo speed is unknown, defaulting to 1000
[  347.452850][T21211] syz.4.4269: attempt to access beyond end of device
[  347.452850][T21211] loop4: rw=2049, sector=289, nr_sectors = 8 limit=128
[  347.468167][T21211] syz.4.4269: attempt to access beyond end of device
[  347.468167][T21211] loop4: rw=2049, sector=305, nr_sectors = 8 limit=128
[  347.488576][T21211] syz.4.4269: attempt to access beyond end of device
[  347.488576][T21211] loop4: rw=2049, sector=321, nr_sectors = 8 limit=128
[  347.644804][T21287] loop4: detected capacity change from 0 to 2048
[  347.688569][T21287] EXT4-fs (loop4): failed to initialize system zone (-117)
[  348.079577][T21297] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  348.088070][T21297] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  348.524640][T21287] EXT4-fs (loop4): mount failed
[  348.639432][T21278] loop3: detected capacity change from 0 to 512
[  348.679400][T21278] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  348.681176][T21287] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4279'.
[  348.719869][T21287] netlink: 'syz.4.4279': attribute type 10 has an invalid length.
[  348.727725][T21287] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4279'.
[  348.738118][T21287] A link change request failed with some changes committed already. Interface veth1_vlan may have been left with an inconsistent configuration, please check.
[  348.767425][T21278] EXT4-fs (loop3): 1 truncate cleaned up
[  348.781448][T21278] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  348.860819][T21317] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4286'.
[  349.001947][T21328] loop4: detected capacity change from 0 to 1024
[  349.089212][T21328] EXT4-fs: Ignoring removed nomblk_io_submit option
[  349.098101][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.119986][T21328] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  349.219167][T21336] loop3: detected capacity change from 0 to 128
[  349.304655][T21337] netlink: 'syz.4.4289': attribute type 10 has an invalid length.
[  349.330437][T21337] bond0: (slave dummy0): Releasing backup interface
[  349.347137][T21337] dummy0: left allmulticast mode
[  349.395733][T21337] netlink: 'syz.4.4289': attribute type 10 has an invalid length.
[  349.448627][T21337] dummy0: left promiscuous mode
[  349.463302][T21337] dummy0: entered allmulticast mode
[  349.468549][T21337] dummy0: entered promiscuous mode
[  349.554402][T21337] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  349.616487][   T61] Bluetooth: hci0: Frame reassembly failed (-84)
[  349.845995][T21327] syz.4.4289 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000
[  349.857055][T21327] CPU: 0 UID: 0 PID: 21327 Comm: syz.4.4289 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  349.857235][T21327] Tainted: [W]=WARN
[  349.857242][T21327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  349.857253][T21327] Call Trace:
[  349.857259][T21327]  <TASK>
[  349.857267][T21327]  __dump_stack+0x1d/0x30
[  349.857293][T21327]  dump_stack_lvl+0x95/0xd0
[  349.857316][T21327]  dump_stack+0x15/0x1b
[  349.857332][T21327]  dump_header+0x81/0x240
[  349.857404][T21327]  oom_kill_process+0x295/0x350
[  349.857443][T21327]  out_of_memory+0x97b/0xb80
[  349.857468][T21327]  try_charge_memcg+0x610/0xa10
[  349.857621][T21327]  charge_memcg+0x51/0xc0
[  349.857646][T21327]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  349.857706][T21327]  __read_swap_cache_async+0x17b/0x2d0
[  349.857737][T21327]  swap_cluster_readahead+0x262/0x3c0
[  349.857768][T21327]  swapin_readahead+0xde/0x820
[  349.857808][T21327]  ? mod_memcg_lruvec_state+0x1a1/0x280
[  349.857829][T21327]  ? lruvec_stat_mod_folio+0xd6/0x120
[  349.857853][T21327]  ? __rcu_read_unlock+0x4f/0x70
[  349.857883][T21327]  ? swap_cache_get_folio+0x277/0x280
[  349.857988][T21327]  do_swap_page+0x2b4/0x21e0
[  349.858123][T21327]  ? __pfx_default_wake_function+0x10/0x10
[  349.858223][T21327]  handle_mm_fault+0x9d8/0x2c60
[  349.858289][T21327]  do_user_addr_fault+0x630/0x1080
[  349.858316][T21327]  exc_page_fault+0x62/0xa0
[  349.858338][T21327]  asm_exc_page_fault+0x26/0x30
[  349.858355][T21327] RIP: 0033:0x7f21686cd71f
[  349.858419][T21327] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 fb 44 8d 56 04 4c 8d 0d f2 48 38 00 89 f0 4c 8d 05 e9 28 38 00 89 c2 81 e2 ff 1f 00 00 <49> 8b 0c d1 48 39 f1 74 28 48 85 c9 74 29 45 38 1c 10 75 23 83 c0
[  349.858460][T21327] RSP: 002b:00007ffe212fad68 EFLAGS: 00010206
[  349.858477][T21327] RAX: 000000008198180a RBX: 00007f2169595720 RCX: 0000000000000001
[  349.858490][T21327] RDX: 000000000000180a RSI: ffffffff8198180a RDI: 0000000000000009
[  349.858504][T21327] RBP: ffffffff8198180a R08: 00007f2168a50000 R09: 00007f2168a52000
[  349.858563][T21327] R10: 000000008198180e R11: 0000000000000009 R12: 0000000000000009
[  349.858574][T21327] R13: 0000000000000000 R14: ffffffff819817f2 R15: 0000000000000001
[  349.858588][T21327]  ? fdget+0x12/0x110
[  349.858611][T21327]  ? fdget+0x2a/0x110
[  349.858684][T21327]  ? fdget+0x2a/0x110
[  349.858703][T21327]  </TASK>
[  350.082392][T21327] memory: usage 307200kB, limit 307200kB, failcnt 7090
[  350.089341][T21327] memory+swap: usage 307912kB, limit 9007199254740988kB, failcnt 0
[  350.097319][T21327] kmem: usage 307044kB, limit 9007199254740988kB, failcnt 0
[  350.104595][T21327] Memory cgroup stats for /syz4:
[  350.104912][T21327] cache 8192
[  350.113085][T21327] rss 0
[  350.115819][T21327] shmem 0
[  350.118791][T21327] mapped_file 0
[  350.122228][T21327] dirty 0
[  350.125137][T21327] writeback 8192
[  350.128676][T21327] workingset_refault_anon 3144
[  350.133428][T21327] workingset_refault_file 8784
[  350.138164][T21327] swap 729088
[  350.141456][T21327] swapcached 12288
[  350.145159][T21327] pgpgin 232136
[  350.148616][T21327] pgpgout 232097
[  350.152151][T21327] pgfault 297527
[  350.156118][T21327] pgmajfault 1303
[  350.159781][T21327] inactive_anon 12288
[  350.163786][T21327] active_anon 0
[  350.167233][T21327] inactive_file 143360
[  350.171312][T21327] active_file 4096
[  350.175002][T21327] unevictable 0
[  350.178498][T21327] hierarchical_memory_limit 314572800
[  350.183905][T21327] hierarchical_memsw_limit 9223372036854771712
[  350.190065][T21327] total_cache 8192
[  350.193768][T21327] total_rss 0
[  350.197101][T21327] total_shmem 0
[  350.200641][T21327] total_mapped_file 0
[  350.204620][T21327] total_dirty 0
[  350.208049][T21327] total_writeback 8192
[  350.212104][T21327] total_workingset_refault_anon 3144
[  350.217413][T21327] total_workingset_refault_file 8784
[  350.222693][T21327] total_swap 729088
[  350.226470][T21327] total_swapcached 12288
[  350.230740][T21327] total_pgpgin 232136
[  350.234693][T21327] total_pgpgout 232097
[  350.238750][T21327] total_pgfault 297527
[  350.242798][T21327] total_pgmajfault 1303
[  350.246939][T21327] total_inactive_anon 12288
[  350.251436][T21327] total_active_anon 0
[  350.255391][T21327] total_inactive_file 143360
[  350.259975][T21327] total_active_file 4096
[  350.264187][T21327] total_unevictable 0
[  350.268139][T21327] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4289,pid=21327,uid=0
[  350.282769][T21327] Memory cgroup out of memory: Killed process 21327 (syz.4.4289) total-vm:94100kB, anon-rss:1264kB, file-rss:22568kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[  350.435497][T15428] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.465501][T21368] loop4: detected capacity change from 0 to 128
[  350.613291][   T29] kauditd_printk_skb: 71 callbacks suppressed
[  350.613303][   T29] audit: type=1326 audit(1767910421.282:50446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  350.645589][   T29] audit: type=1326 audit(1767910421.282:50447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  350.669392][   T29] audit: type=1326 audit(1767910421.282:50448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  350.693151][   T29] audit: type=1326 audit(1767910421.322:50449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  350.716745][   T29] audit: type=1326 audit(1767910421.322:50450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  350.738986][T21384] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4302'.
[  350.740479][   T29] audit: type=1326 audit(1767910421.322:50452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  350.772990][   T29] audit: type=1326 audit(1767910421.322:50453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  350.796547][   T29] audit: type=1326 audit(1767910421.322:50451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  350.820336][   T29] audit: type=1326 audit(1767910421.322:50454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  350.843912][   T29] audit: type=1326 audit(1767910421.322:50455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz.4.4300" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f216880f749 code=0x7ffc0000
[  351.139991][T21423] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4314'.
[  351.162199][T21427] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4315'.
[  351.619538][ T3625] Bluetooth: hci0: command 0x1003 tx timeout
[  351.647375][   T44] Bluetooth: hci0: Opcode 0x1003 failed: -110
[  351.757381][T21452] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  351.766130][T21452] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  352.106130][T21458] netlink: 'syz.0.4325': attribute type 10 has an invalid length.
[  352.116319][T21458] bond0: (slave dummy0): Releasing backup interface
[  352.128002][T21458] netlink: 'syz.0.4325': attribute type 10 has an invalid length.
[  352.138102][T21458] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  352.744893][T21485] selinux_netlink_send: 8 callbacks suppressed
[  352.744945][T21485] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=21485 comm=syz.2.4334
[  352.763891][T21485] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=21485 comm=syz.2.4334
[  352.776578][T21485] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=21485 comm=syz.2.4334
[  352.789339][T21485] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=21485 comm=syz.2.4334
[  352.802068][T21485] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2562 sclass=netlink_route_socket pid=21485 comm=syz.2.4334
[  352.814746][T21485] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2574 sclass=netlink_route_socket pid=21485 comm=syz.2.4334
[  352.854352][T21487] lo speed is unknown, defaulting to 1000
[  352.860667][T21487] lo speed is unknown, defaulting to 1000
[  352.896002][T21491] FAULT_INJECTION: forcing a failure.
[  352.896002][T21491] name failslab, interval 1, probability 0, space 0, times 0
[  352.908805][T21491] CPU: 1 UID: 0 PID: 21491 Comm: syz.2.4335 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  352.908832][T21491] Tainted: [W]=WARN
[  352.908839][T21491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  352.908849][T21491] Call Trace:
[  352.908855][T21491]  <TASK>
[  352.908861][T21491]  __dump_stack+0x1d/0x30
[  352.908892][T21491]  dump_stack_lvl+0x95/0xd0
[  352.908915][T21491]  dump_stack+0x15/0x1b
[  352.908936][T21491]  should_fail_ex+0x265/0x280
[  352.908960][T21491]  should_failslab+0x8c/0xb0
[  352.908982][T21491]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[  352.909066][T21491]  ? __alloc_skb+0x2ff/0x4b0
[  352.909093][T21491]  __alloc_skb+0x2ff/0x4b0
[  352.909111][T21491]  ? __alloc_skb+0x228/0x4b0
[  352.909200][T21491]  nexthop_notify+0x1b7/0x2d0
[  352.909229][T21491]  rtm_new_nexthop+0x3544/0x4640
[  352.909258][T21491]  ? xas_load+0x413/0x430
[  352.909336][T21491]  ? __pfx_rtm_new_nexthop+0x10/0x10
[  352.909365][T21491]  rtnetlink_rcv_msg+0x5fe/0x6d0
[  352.909397][T21491]  ? avc_has_perm_noaudit+0xab/0x130
[  352.909431][T21491]  netlink_rcv_skb+0x123/0x220
[  352.909501][T21491]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  352.909536][T21491]  rtnetlink_rcv+0x1c/0x30
[  352.909565][T21491]  netlink_unicast+0x5c0/0x690
[  352.909615][T21491]  netlink_sendmsg+0x58b/0x6b0
[  352.909647][T21491]  ? __pfx_netlink_sendmsg+0x10/0x10
[  352.909686][T21491]  __sock_sendmsg+0x145/0x180
[  352.909707][T21491]  ____sys_sendmsg+0x31e/0x4a0
[  352.909809][T21491]  ___sys_sendmsg+0x17b/0x1d0
[  352.909893][T21491]  __x64_sys_sendmsg+0xd4/0x160
[  352.909922][T21491]  x64_sys_call+0x17ba/0x3000
[  352.909946][T21491]  do_syscall_64+0xca/0x2b0
[  352.909997][T21491]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.910018][T21491] RIP: 0033:0x7f7671f5f749
[  352.910035][T21491] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  352.910078][T21491] RSP: 002b:00007f767099e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  352.910099][T21491] RAX: ffffffffffffffda RBX: 00007f76721b6090 RCX: 00007f7671f5f749
[  352.910113][T21491] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  352.910126][T21491] RBP: 00007f767099e090 R08: 0000000000000000 R09: 0000000000000000
[  352.910139][T21491] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  352.910199][T21491] R13: 00007f76721b6128 R14: 00007f76721b6090 R15: 00007ffee0ea54f8
[  352.910287][T21491]  </TASK>
[  353.237457][T21515] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4338'.
[  353.324045][T21501] loop3: detected capacity change from 0 to 512
[  353.346159][T21501] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  353.489810][T21501] EXT4-fs (loop3): 1 truncate cleaned up
[  353.500579][T21501] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  353.634641][T21542] lo speed is unknown, defaulting to 1000
[  353.641165][T21542] lo speed is unknown, defaulting to 1000
[  354.116245][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  354.239777][T21580] loop3: detected capacity change from 0 to 1024
[  354.246792][T21580] EXT4-fs: Ignoring removed nomblk_io_submit option
[  354.282178][T21580] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  354.297310][T21580] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4351'.
[  354.316592][T21580] netlink: 'syz.3.4351': attribute type 10 has an invalid length.
[  354.327434][T21580] bond0: (slave dummy0): Releasing backup interface
[  354.344677][T21580] netlink: 'syz.3.4351': attribute type 10 has an invalid length.
[  354.354835][T21580] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  354.376266][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  354.559285][T21600] loop3: detected capacity change from 0 to 512
[  354.570413][T21600] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  354.635360][T21600] EXT4-fs (loop3): 1 truncate cleaned up
[  354.645107][T21600] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  354.683658][T21608] netlink: 700 bytes leftover after parsing attributes in process `syz.1.4360'.
[  354.900061][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  354.920614][T21624] loop3: detected capacity change from 0 to 1024
[  354.927799][T21624] EXT4-fs: Ignoring removed nomblk_io_submit option
[  354.950889][T21624] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  354.964716][T21624] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4364'.
[  354.974406][T21618] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  354.983341][T21618] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  354.993875][T21618] loop4: detected capacity change from 0 to 256
[  355.001005][T21618] FAT-fs (loop4): bogus number of FAT sectors
[  355.005928][T21624] netlink: 'syz.3.4364': attribute type 10 has an invalid length.
[  355.007082][T21618] FAT-fs (loop4): Can't find a valid FAT filesystem
[  355.021845][T21624] bond0: (slave dummy0): Releasing backup interface
[  355.038708][T21624] netlink: 'syz.3.4364': attribute type 10 has an invalid length.
[  355.051939][T21624] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  355.084169][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  355.259668][T21652] lo speed is unknown, defaulting to 1000
[  355.265772][T21652] lo speed is unknown, defaulting to 1000
[  355.303116][T21656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  355.311700][T21656] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  355.541005][T21681] loop4: detected capacity change from 0 to 128
[  355.600290][T21681] bio_check_eod: 322 callbacks suppressed
[  355.600301][T21681] syz.4.4374: attempt to access beyond end of device
[  355.600301][T21681] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128
[  355.619518][T21681] syz.4.4374: attempt to access beyond end of device
[  355.619518][T21681] loop4: rw=2049, sector=185, nr_sectors = 16 limit=128
[  355.633166][T21681] syz.4.4374: attempt to access beyond end of device
[  355.633166][T21681] loop4: rw=2049, sector=209, nr_sectors = 8 limit=128
[  355.646604][T21681] syz.4.4374: attempt to access beyond end of device
[  355.646604][T21681] loop4: rw=2049, sector=225, nr_sectors = 8 limit=128
[  355.660207][T21681] syz.4.4374: attempt to access beyond end of device
[  355.660207][T21681] loop4: rw=2049, sector=241, nr_sectors = 8 limit=128
[  355.674266][T21681] syz.4.4374: attempt to access beyond end of device
[  355.674266][T21681] loop4: rw=2049, sector=257, nr_sectors = 8 limit=128
[  355.688184][T21681] syz.4.4374: attempt to access beyond end of device
[  355.688184][T21681] loop4: rw=2049, sector=273, nr_sectors = 8 limit=128
[  355.701861][T21681] syz.4.4374: attempt to access beyond end of device
[  355.701861][T21681] loop4: rw=2049, sector=289, nr_sectors = 8 limit=128
[  355.715352][T21681] syz.4.4374: attempt to access beyond end of device
[  355.715352][T21681] loop4: rw=2049, sector=305, nr_sectors = 8 limit=128
[  355.728904][T21681] syz.4.4374: attempt to access beyond end of device
[  355.728904][T21681] loop4: rw=2049, sector=321, nr_sectors = 8 limit=128
[  355.845746][T21700] loop4: detected capacity change from 0 to 1024
[  355.853051][T21700] EXT4-fs: Ignoring removed nomblk_io_submit option
[  355.870117][T21700] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  355.993180][T21705] netlink: 'syz.4.4380': attribute type 10 has an invalid length.
[  356.020424][T21705] bond0: (slave dummy0): Releasing backup interface
[  356.029088][T21705] dummy0: left allmulticast mode
[  356.095618][T21705] netlink: 'syz.4.4380': attribute type 10 has an invalid length.
[  356.104623][T21705] dummy0: left promiscuous mode
[  356.110737][T21705] dummy0: entered allmulticast mode
[  356.116032][T21705] dummy0: entered promiscuous mode
[  356.122357][T21705] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  356.140883][T21712] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2568 sclass=netlink_route_socket pid=21712 comm=syz.0.4382
[  356.153635][T21712] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2582 sclass=netlink_route_socket pid=21712 comm=syz.0.4382
[  356.166416][T21712] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2569 sclass=netlink_route_socket pid=21712 comm=syz.0.4382
[  356.179192][T21712] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2572 sclass=netlink_route_socket pid=21712 comm=syz.0.4382
[  356.281371][T21700] syz.4.4380 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  356.295532][T21700] CPU: 1 UID: 0 PID: 21700 Comm: syz.4.4380 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  356.295592][T21700] Tainted: [W]=WARN
[  356.295599][T21700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  356.295611][T21700] Call Trace:
[  356.295617][T21700]  <TASK>
[  356.295665][T21700]  __dump_stack+0x1d/0x30
[  356.295686][T21700]  dump_stack_lvl+0x95/0xd0
[  356.295705][T21700]  dump_stack+0x15/0x1b
[  356.295850][T21700]  dump_header+0x81/0x240
[  356.295873][T21700]  oom_kill_process+0x295/0x350
[  356.295927][T21700]  out_of_memory+0x97b/0xb80
[  356.295953][T21700]  try_charge_memcg+0x610/0xa10
[  356.295995][T21700]  obj_cgroup_charge_pages+0xa6/0x150
[  356.296091][T21700]  __memcg_kmem_charge_page+0x9f/0x170
[  356.296119][T21700]  __alloc_frozen_pages_noprof+0x18f/0x360
[  356.296145][T21700]  alloc_pages_mpol+0xb3/0x260
[  356.296249][T21700]  alloc_pages_noprof+0x90/0x130
[  356.296279][T21700]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  356.296316][T21700]  __kvmalloc_node_noprof+0x492/0x6b0
[  356.296402][T21700]  ? ip_set_alloc+0x24/0x30
[  356.296432][T21700]  ? ip_set_alloc+0x24/0x30
[  356.296464][T21700]  ip_set_alloc+0x24/0x30
[  356.296516][T21700]  hash_netiface_create+0x282/0x740
[  356.296546][T21700]  ? __pfx_hash_netiface_create+0x10/0x10
[  356.296578][T21700]  ip_set_create+0x3cc/0x970
[  356.296620][T21700]  ? __nla_parse+0x40/0x60
[  356.296682][T21700]  nfnetlink_rcv_msg+0x4c6/0x590
[  356.296724][T21700]  netlink_rcv_skb+0x123/0x220
[  356.296824][T21700]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  356.296908][T21700]  nfnetlink_rcv+0x167/0x16c0
[  356.297136][T21700]  ? kmem_cache_free+0xe3/0x3a0
[  356.297158][T21700]  ? __kfree_skb+0x109/0x150
[  356.297226][T21700]  ? nlmon_xmit+0x4f/0x60
[  356.297244][T21700]  ? consume_skb+0x49/0x150
[  356.297265][T21700]  ? nlmon_xmit+0x4f/0x60
[  356.297281][T21700]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  356.297350][T21700]  ? __dev_queue_xmit+0x13a6/0x1ee0
[  356.297377][T21700]  ? __dev_queue_xmit+0x148/0x1ee0
[  356.297429][T21700]  ? ref_tracker_free+0x37d/0x3e0
[  356.297456][T21700]  ? __netlink_deliver_tap+0x4dc/0x500
[  356.297492][T21700]  netlink_unicast+0x5c0/0x690
[  356.297555][T21700]  netlink_sendmsg+0x58b/0x6b0
[  356.297654][T21700]  ? __pfx_netlink_sendmsg+0x10/0x10
[  356.297679][T21700]  __sock_sendmsg+0x145/0x180
[  356.297696][T21700]  ____sys_sendmsg+0x31e/0x4a0
[  356.297773][T21700]  ___sys_sendmsg+0x17b/0x1d0
[  356.297837][T21700]  __x64_sys_sendmsg+0xd4/0x160
[  356.297909][T21700]  x64_sys_call+0x17ba/0x3000
[  356.297941][T21700]  do_syscall_64+0xca/0x2b0
[  356.298088][T21700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.298191][T21700] RIP: 0033:0x7f216880f749
[  356.298236][T21700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  356.298255][T21700] RSP: 002b:00007f216726f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  356.298347][T21700] RAX: ffffffffffffffda RBX: 00007f2168a65fa0 RCX: 00007f216880f749
[  356.298366][T21700] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006
[  356.298381][T21700] RBP: 00007f2168893f91 R08: 0000000000000000 R09: 0000000000000000
[  356.298396][T21700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  356.298410][T21700] R13: 00007f2168a66038 R14: 00007f2168a65fa0 R15: 00007ffe212face8
[  356.298490][T21700]  </TASK>
[  356.623396][T21700] memory: usage 307200kB, limit 307200kB, failcnt 7494
[  356.630351][T21700] memory+swap: usage 307892kB, limit 9007199254740988kB, failcnt 0
[  356.638317][T21700] kmem: usage 307012kB, limit 9007199254740988kB, failcnt 0
[  356.645659][T21700] Memory cgroup stats for /syz4:
[  356.646048][T21700] cache 28672
[  356.654298][T21700] rss 0
[  356.657124][T21700] shmem 0
[  356.660068][T21700] mapped_file 0
[  356.663507][T21700] dirty 0
[  356.666420][T21700] writeback 0
[  356.669704][T21700] workingset_refault_anon 3225
[  356.674447][T21700] workingset_refault_file 8784
[  356.679205][T21700] swap 708608
[  356.682471][T21700] swapcached 24576
[  356.686273][T21700] pgpgin 236512
[  356.689736][T21700] pgpgout 236465
[  356.693262][T21700] pgfault 302621
[  356.696791][T21700] pgmajfault 1354
[  356.700511][T21700] inactive_anon 24576
[  356.704532][T21700] active_anon 0
[  356.708011][T21700] inactive_file 155648
[  356.712074][T21700] active_file 12288
[  356.715915][T21700] unevictable 0
[  356.719363][T21700] hierarchical_memory_limit 314572800
[  356.724766][T21700] hierarchical_memsw_limit 9223372036854771712
[  356.730944][T21700] total_cache 28672
[  356.734754][T21700] total_rss 0
[  356.738134][T21700] total_shmem 0
[  356.741824][T21700] total_mapped_file 0
[  356.745794][T21700] total_dirty 0
[  356.749391][T21700] total_writeback 0
[  356.753173][T21700] total_workingset_refault_anon 3225
[  356.758546][T21700] total_workingset_refault_file 8784
[  356.763880][T21700] total_swap 708608
[  356.767681][T21700] total_swapcached 24576
[  356.771912][T21700] total_pgpgin 236512
[  356.775879][T21700] total_pgpgout 236465
[  356.779937][T21700] total_pgfault 302621
[  356.783985][T21700] total_pgmajfault 1354
[  356.788114][T21700] total_inactive_anon 24576
[  356.792621][T21700] total_active_anon 0
[  356.796686][T21700] total_inactive_file 155648
[  356.801295][T21700] total_active_file 12288
[  356.805646][T21700] total_unevictable 0
[  356.809639][T21700] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4380,pid=21699,uid=0
[  356.824412][T21700] Memory cgroup out of memory: Killed process 21699 (syz.4.4380) total-vm:93968kB, anon-rss:1136kB, file-rss:22568kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[  356.869680][T15428] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.920842][T21723] loop4: detected capacity change from 0 to 128
[  356.975496][T21723] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  356.999368][T21723] ext4 filesystem being mounted at /266/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  357.033469][T21723] netlink: 700 bytes leftover after parsing attributes in process `syz.4.4384'.
[  357.062037][   T29] kauditd_printk_skb: 2117 callbacks suppressed
[  357.062052][   T29] audit: type=1326 audit(1767910427.732:52573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21722 comm="syz.4.4384" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f216880f749 code=0x0
[  357.375331][T21744] lo speed is unknown, defaulting to 1000
[  357.381513][T21744] lo speed is unknown, defaulting to 1000
[  357.401578][T21751] FAULT_INJECTION: forcing a failure.
[  357.401578][T21751] name failslab, interval 1, probability 0, space 0, times 0
[  357.414303][T21751] CPU: 0 UID: 0 PID: 21751 Comm: syz.2.4391 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  357.414372][T21751] Tainted: [W]=WARN
[  357.414380][T21751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  357.414391][T21751] Call Trace:
[  357.414397][T21751]  <TASK>
[  357.414404][T21751]  __dump_stack+0x1d/0x30
[  357.414518][T21751]  dump_stack_lvl+0x95/0xd0
[  357.414537][T21751]  dump_stack+0x15/0x1b
[  357.414611][T21751]  should_fail_ex+0x265/0x280
[  357.414635][T21751]  should_failslab+0x8c/0xb0
[  357.414657][T21751]  ? __pfx_io_ring_ctx_ref_free+0x10/0x10
[  357.414697][T21751]  __kmalloc_cache_noprof+0x65/0x4c0
[  357.414717][T21751]  ? percpu_ref_init+0x9c/0x250
[  357.414736][T21751]  ? __pfx_io_ring_ctx_ref_free+0x10/0x10
[  357.414831][T21751]  percpu_ref_init+0x9c/0x250
[  357.414849][T21751]  io_ring_ctx_alloc+0x1b4/0x660
[  357.414873][T21751]  io_uring_create+0x50/0x4e0
[  357.414925][T21751]  ? memchr_inv+0x30/0x2e0
[  357.414947][T21751]  __se_sys_io_uring_setup+0x1be/0x1d0
[  357.414982][T21751]  __x64_sys_io_uring_setup+0x31/0x40
[  357.415039][T21751]  x64_sys_call+0x244c/0x3000
[  357.415116][T21751]  do_syscall_64+0xca/0x2b0
[  357.415146][T21751]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  357.415347][T21751] RIP: 0033:0x7f7671f5f749
[  357.415441][T21751] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  357.415460][T21751] RSP: 002b:00007f76709bf038 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9
[  357.415482][T21751] RAX: ffffffffffffffda RBX: 00007f76721b5fa0 RCX: 00007f7671f5f749
[  357.415501][T21751] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000004b63
[  357.415515][T21751] RBP: 00007f76709bf090 R08: 0000000000000000 R09: 0000000000000000
[  357.415529][T21751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  357.415543][T21751] R13: 00007f76721b6038 R14: 00007f76721b5fa0 R15: 00007ffee0ea54f8
[  357.415580][T21751]  </TASK>
[  357.755375][T15428] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  357.769625][T21777] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4394'.
[  357.787563][T21783] loop4: detected capacity change from 0 to 1024
[  357.794774][T21783] EXT4-fs: Ignoring removed nomblk_io_submit option
[  357.810638][T21783] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  357.897777][T21790] netlink: 'syz.4.4395': attribute type 10 has an invalid length.
[  357.913184][T21790] bond0: (slave dummy0): Releasing backup interface
[  357.946572][T21790] dummy0: left allmulticast mode
[  357.955095][T21792] netlink: 'syz.4.4395': attribute type 10 has an invalid length.
[  357.987486][T21792] dummy0: left promiscuous mode
[  358.010190][T21792] dummy0: entered allmulticast mode
[  358.015454][T21792] dummy0: entered promiscuous mode
[  358.049367][T21792] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  358.169818][   T29] audit: type=1326 audit(1767910428.832:52574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21795 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5d59f749 code=0x7ffc0000
[  358.248352][   T29] audit: type=1326 audit(1767910428.872:52575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21795 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8b5d59f749 code=0x7ffc0000
[  358.272004][   T29] audit: type=1326 audit(1767910428.872:52576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21795 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5d59f749 code=0x7ffc0000
[  358.295597][   T29] audit: type=1326 audit(1767910428.872:52577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21795 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5d59f749 code=0x7ffc0000
[  358.319220][   T29] audit: type=1326 audit(1767910428.872:52578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21795 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8b5d59f749 code=0x7ffc0000
[  358.343030][   T29] audit: type=1326 audit(1767910428.872:52579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21795 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5d59f749 code=0x7ffc0000
[  358.366765][   T29] audit: type=1326 audit(1767910428.872:52580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21795 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5d59f749 code=0x7ffc0000
[  358.390546][   T29] audit: type=1326 audit(1767910428.872:52581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21795 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8b5d59f749 code=0x7ffc0000
[  358.414140][   T29] audit: type=1326 audit(1767910428.882:52582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21795 comm="syz.3.4398" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b5d59f749 code=0x7ffc0000
[  358.606914][T21783] syz.4.4395 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), order=0, oom_score_adj=1000
[  358.621300][T21783] CPU: 1 UID: 0 PID: 21783 Comm: syz.4.4395 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  358.621331][T21783] Tainted: [W]=WARN
[  358.621337][T21783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  358.621355][T21783] Call Trace:
[  358.621361][T21783]  <TASK>
[  358.621369][T21783]  __dump_stack+0x1d/0x30
[  358.621462][T21783]  dump_stack_lvl+0x95/0xd0
[  358.621543][T21783]  dump_stack+0x15/0x1b
[  358.621562][T21783]  dump_header+0x81/0x240
[  358.621583][T21783]  oom_kill_process+0x295/0x350
[  358.621603][T21783]  out_of_memory+0x97b/0xb80
[  358.621660][T21783]  try_charge_memcg+0x610/0xa10
[  358.621756][T21783]  obj_cgroup_charge_pages+0xa6/0x150
[  358.621783][T21783]  __memcg_kmem_charge_page+0x9f/0x170
[  358.621827][T21783]  __alloc_frozen_pages_noprof+0x18f/0x360
[  358.621857][T21783]  alloc_pages_mpol+0xb3/0x260
[  358.621888][T21783]  alloc_pages_noprof+0x90/0x130
[  358.621986][T21783]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  358.622026][T21783]  __kvmalloc_node_noprof+0x492/0x6b0
[  358.622096][T21783]  ? ip_set_alloc+0x24/0x30
[  358.622125][T21783]  ? ip_set_alloc+0x24/0x30
[  358.622152][T21783]  ip_set_alloc+0x24/0x30
[  358.622228][T21783]  hash_netiface_create+0x282/0x740
[  358.622297][T21783]  ? __pfx_hash_netiface_create+0x10/0x10
[  358.622323][T21783]  ip_set_create+0x3cc/0x970
[  358.622371][T21783]  ? __nla_parse+0x40/0x60
[  358.622446][T21783]  nfnetlink_rcv_msg+0x4c6/0x590
[  358.622488][T21783]  netlink_rcv_skb+0x123/0x220
[  358.622512][T21783]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  358.622587][T21783]  nfnetlink_rcv+0x167/0x16c0
[  358.622690][T21783]  ? kmem_cache_free+0xe3/0x3a0
[  358.622718][T21783]  ? __kfree_skb+0x109/0x150
[  358.622812][T21783]  ? nlmon_xmit+0x4f/0x60
[  358.622833][T21783]  ? consume_skb+0x49/0x150
[  358.622858][T21783]  ? nlmon_xmit+0x4f/0x60
[  358.622877][T21783]  ? dev_hard_start_xmit+0x3b0/0x3e0
[  358.622953][T21783]  ? __dev_queue_xmit+0x13a6/0x1ee0
[  358.622981][T21783]  ? __dev_queue_xmit+0x148/0x1ee0
[  358.623077][T21783]  ? ref_tracker_free+0x37d/0x3e0
[  358.623107][T21783]  ? __netlink_deliver_tap+0x4dc/0x500
[  358.623140][T21783]  netlink_unicast+0x5c0/0x690
[  358.623220][T21783]  netlink_sendmsg+0x58b/0x6b0
[  358.623248][T21783]  ? __pfx_netlink_sendmsg+0x10/0x10
[  358.623276][T21783]  __sock_sendmsg+0x145/0x180
[  358.623325][T21783]  ____sys_sendmsg+0x31e/0x4a0
[  358.623358][T21783]  ___sys_sendmsg+0x17b/0x1d0
[  358.623394][T21783]  __x64_sys_sendmsg+0xd4/0x160
[  358.623494][T21783]  x64_sys_call+0x17ba/0x3000
[  358.623519][T21783]  do_syscall_64+0xca/0x2b0
[  358.623574][T21783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.623593][T21783] RIP: 0033:0x7f216880f749
[  358.623607][T21783] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  358.623623][T21783] RSP: 002b:00007f216726f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  358.623673][T21783] RAX: ffffffffffffffda RBX: 00007f2168a65fa0 RCX: 00007f216880f749
[  358.623688][T21783] RDX: 0000000000000800 RSI: 0000200000000040 RDI: 0000000000000006
[  358.623703][T21783] RBP: 00007f2168893f91 R08: 0000000000000000 R09: 0000000000000000
[  358.623715][T21783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  358.623727][T21783] R13: 00007f2168a66038 R14: 00007f2168a65fa0 R15: 00007ffe212face8
[  358.623800][T21783]  </TASK>
[  358.623808][T21783] memory: usage 307200kB, limit 307200kB, failcnt 7692
[  358.679433][T21811] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  358.682156][T21783] memory+swap: usage 307904kB, limit 9007199254740988kB, failcnt 0
[  358.687506][T21811] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  358.692343][T21783] kmem: usage 307036kB, limit 9007199254740988kB, failcnt 0
[  358.692357][T21783] Memory cgroup stats for /syz4
[  358.770865][T21811] loop3: detected capacity change from 0 to 256
[  358.772711][T21783] :
[  358.785797][T21811] FAT-fs (loop3): bogus number of FAT sectors
[  358.794548][T21783] cache 8192
[  358.795631][T21811] FAT-fs (loop3): Can't find a valid FAT filesystem
[  358.799947][T21783] rss 0
[  359.020366][T21783] shmem 0
[  359.023280][T21783] mapped_file 0
[  359.026711][T21783] dirty 0
[  359.029705][T21783] writeback 8192
[  359.033235][T21783] workingset_refault_anon 3275
[  359.038021][T21783] workingset_refault_file 8784
[  359.042764][T21783] swap 720896
[  359.046063][T21783] swapcached 20480
[  359.049773][T21783] pgpgin 236954
[  359.053251][T21783] pgpgout 236913
[  359.056768][T21783] pgfault 303200
[  359.060327][T21783] pgmajfault 1382
[  359.063941][T21783] inactive_anon 20480
[  359.067893][T21783] active_anon 0
[  359.071339][T21783] inactive_file 61440
[  359.075316][T21783] active_file 86016
[  359.079105][T21783] unevictable 0
[  359.082537][T21783] hierarchical_memory_limit 314572800
[  359.087931][T21783] hierarchical_memsw_limit 9223372036854771712
[  359.094079][T21783] total_cache 8192
[  359.097771][T21783] total_rss 0
[  359.101047][T21783] total_shmem 0
[  359.104479][T21783] total_mapped_file 0
[  359.108445][T21783] total_dirty 0
[  359.111879][T21783] total_writeback 8192
[  359.115918][T21783] total_workingset_refault_anon 3275
[  359.121654][T21783] total_workingset_refault_file 8784
[  359.126910][T21783] total_swap 720896
[  359.130700][T21783] total_swapcached 20480
[  359.134920][T21783] total_pgpgin 236954
[  359.138906][T21783] total_pgpgout 236913
[  359.142955][T21783] total_pgfault 303200
[  359.146991][T21783] total_pgmajfault 1382
[  359.151152][T21783] total_inactive_anon 20480
[  359.155649][T21783] total_active_anon 0
[  359.159611][T21783] total_inactive_file 61440
[  359.164110][T21783] total_active_file 86016
[  359.168492][T21783] total_unevictable 0
[  359.172500][T21783] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0,oom_memcg=/syz4,task_memcg=/syz4,task=syz.4.4395,pid=21782,uid=0
[  359.187195][T21783] Memory cgroup out of memory: Killed process 21782 (syz.4.4395) total-vm:94100kB, anon-rss:1136kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000
[  359.242637][T15428] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.282959][T21849] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4412'.
[  359.283140][T21847] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  359.308046][T21851] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4413'.
[  359.375689][T21857] FAULT_INJECTION: forcing a failure.
[  359.375689][T21857] name failslab, interval 1, probability 0, space 0, times 0
[  359.388405][T21857] CPU: 1 UID: 0 PID: 21857 Comm: syz.1.4416 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  359.388437][T21857] Tainted: [W]=WARN
[  359.388445][T21857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  359.388459][T21857] Call Trace:
[  359.388465][T21857]  <TASK>
[  359.388473][T21857]  __dump_stack+0x1d/0x30
[  359.388534][T21857]  dump_stack_lvl+0x95/0xd0
[  359.388555][T21857]  dump_stack+0x15/0x1b
[  359.388650][T21857]  should_fail_ex+0x265/0x280
[  359.388671][T21857]  should_failslab+0x8c/0xb0
[  359.388689][T21857]  kmem_cache_alloc_node_noprof+0x6b/0x4c0
[  359.388756][T21857]  ? __alloc_skb+0x2ff/0x4b0
[  359.388779][T21857]  __alloc_skb+0x2ff/0x4b0
[  359.388800][T21857]  ? __alloc_skb+0x228/0x4b0
[  359.388821][T21857]  audit_log_start+0x3a0/0x720
[  359.388842][T21857]  ? kstrtouint+0x76/0xc0
[  359.388931][T21857]  audit_seccomp+0x48/0x100
[  359.388959][T21857]  ? __seccomp_filter+0x832/0x1260
[  359.389059][T21857]  __seccomp_filter+0x843/0x1260
[  359.389095][T21857]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  359.389121][T21857]  ? vfs_write+0x7e8/0x960
[  359.389136][T21857]  ? __rcu_read_unlock+0x4f/0x70
[  359.389154][T21857]  ? __fget_files+0x184/0x1c0
[  359.389210][T21857]  __secure_computing+0x82/0x150
[  359.389231][T21857]  syscall_trace_enter+0xcf/0x1e0
[  359.389252][T21857]  do_syscall_64+0xa4/0x2b0
[  359.389368][T21857]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.389389][T21857] RIP: 0033:0x7fe6cf71f749
[  359.389404][T21857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  359.389421][T21857] RSP: 002b:00007fe6ce187038 EFLAGS: 00000246 ORIG_RAX: 0000000000000042
[  359.389477][T21857] RAX: ffffffffffffffda RBX: 00007fe6cf975fa0 RCX: 00007fe6cf71f749
[  359.389489][T21857] RDX: 0000000000000013 RSI: 0000000000000002 RDI: 0000000000000000
[  359.389502][T21857] RBP: 00007fe6ce187090 R08: 0000000000000000 R09: 0000000000000000
[  359.389513][T21857] R10: 0000200000000e00 R11: 0000000000000246 R12: 0000000000000001
[  359.389524][T21857] R13: 00007fe6cf976038 R14: 00007fe6cf975fa0 R15: 00007ffe7525b5a8
[  359.389540][T21857]  </TASK>
[  359.812192][T21873] netlink: 'syz.0.4421': attribute type 10 has an invalid length.
[  359.847171][T21873] bond0: (slave dummy0): Releasing backup interface
[  359.869548][T21873] netlink: 'syz.0.4421': attribute type 10 has an invalid length.
[  359.880707][T21873] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  359.941771][T21875] loop3: detected capacity change from 0 to 512
[  359.965420][T21875] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  360.006990][T21875] EXT4-fs (loop3): 1 truncate cleaned up
[  360.024456][T21875] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  360.301927][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  360.357212][T14026] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
[  360.368175][T14026] CPU: 1 UID: 0 PID: 14026 Comm: syz-executor Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  360.368289][T14026] Tainted: [W]=WARN
[  360.368296][T14026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  360.368312][T14026] Call Trace:
[  360.368319][T14026]  <TASK>
[  360.368326][T14026]  __dump_stack+0x1d/0x30
[  360.368378][T14026]  dump_stack_lvl+0x95/0xd0
[  360.368400][T14026]  dump_stack+0x15/0x1b
[  360.368420][T14026]  dump_header+0x81/0x240
[  360.368440][T14026]  oom_kill_process+0x295/0x350
[  360.368583][T14026]  out_of_memory+0x97b/0xb80
[  360.368607][T14026]  try_charge_memcg+0x610/0xa10
[  360.368646][T14026]  charge_memcg+0x51/0xc0
[  360.368675][T14026]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  360.368749][T14026]  __read_swap_cache_async+0x17b/0x2d0
[  360.368780][T14026]  swap_cluster_readahead+0x362/0x3c0
[  360.368818][T14026]  swapin_readahead+0xde/0x820
[  360.368844][T14026]  ? __rcu_read_unlock+0x4f/0x70
[  360.368865][T14026]  ? __perf_event_task_sched_in+0xa5b/0xac0
[  360.368888][T14026]  ? __list_add_valid_or_report+0x38/0xe0
[  360.368950][T14026]  ? __rcu_read_unlock+0x4f/0x70
[  360.369084][T14026]  ? swap_cache_get_folio+0x277/0x280
[  360.369113][T14026]  do_swap_page+0x2b4/0x21e0
[  360.369171][T14026]  ? _raw_spin_unlock+0x26/0x50
[  360.369195][T14026]  ? __schedule+0x85f/0xcd0
[  360.369219][T14026]  ? __pfx_default_wake_function+0x10/0x10
[  360.369252][T14026]  handle_mm_fault+0x9d8/0x2c60
[  360.369356][T14026]  do_user_addr_fault+0x630/0x1080
[  360.369382][T14026]  exc_page_fault+0x62/0xa0
[  360.369404][T14026]  asm_exc_page_fault+0x26/0x30
[  360.369496][T14026] RIP: 0033:0x7fc461471fc5
[  360.369512][T14026] Code: 00 00 00 00 00 83 ff 03 74 7b 83 ff 02 b8 fa ff ff ff 49 89 ca 0f 44 f8 80 3d 9e 95 1f 00 00 74 14 b8 e6 00 00 00 0f 05 f7 d8 <c3> 66 2e 0f 1f 84 00 00 00 00 00 48 83 ec 28 48 89 54 24 10 89 74
[  360.369594][T14026] RSP: 002b:00007ffff53db0c8 EFLAGS: 00010246
[  360.369611][T14026] RAX: 0000000000000000 RBX: 00000000000002f0 RCX: 00007fc461471fc3
[  360.369624][T14026] RDX: 00007ffff53db0e0 RSI: 0000000000000000 RDI: 0000000000000000
[  360.369636][T14026] RBP: 00007ffff53db14c R08: 0000000012f93894 R09: 0000000000000000
[  360.369648][T14026] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000001388
[  360.369661][T14026] R13: 00000000000927c0 R14: 0000000000057e25 R15: 00007ffff53db1a0
[  360.369680][T14026]  </TASK>
[  360.597513][T14026] memory: usage 307200kB, limit 307200kB, failcnt 4071
[  360.604415][T14026] memory+swap: usage 307424kB, limit 9007199254740988kB, failcnt 0
[  360.612403][T14026] kmem: usage 307192kB, limit 9007199254740988kB, failcnt 0
[  360.619698][T14026] Memory cgroup stats for /syz0:
[  360.620084][T14026] cache 0
[  360.627960][T14026] rss 0
[  360.630745][T14026] shmem 0
[  360.633706][T14026] mapped_file 0
[  360.637151][T14026] dirty 0
[  360.640102][T14026] writeback 0
[  360.640199][T21872] ==================================================================
[  360.643366][T14026] workingset_refault_anon 688
[  360.643375][T14026] workingset_refault_file 11733
[  360.651427][T21872] BUG: KCSAN: data-race in mem_cgroup_flush_stats_ratelimited / tick_do_update_jiffies64
[  360.656092][T14026] swap 229376
[  360.660917][T21872] 
[  360.660924][T21872] read-write to 0xffffffff86809a00 of 8 bytes by interrupt on cpu 1:
[  360.660942][T21872]  tick_do_update_jiffies64+0x113/0x1c0
[  360.670740][T14026] swapcached 4096
[  360.673978][T21872]  tick_nohz_handler+0x8d/0x3d0
[  360.676286][T14026] pgpgin 389026
[  360.684321][T21872]  __hrtimer_run_queues+0x20f/0x5a0
[  360.684346][T21872]  hrtimer_interrupt+0x21a/0x460
[  360.689902][T14026] pgpgout 389024
[  360.693491][T21872]  __sysvec_apic_timer_interrupt+0x5f/0x1d0
[  360.698350][T14026] pgfault 397846
[  360.701746][T21872]  sysvec_apic_timer_interrupt+0x6f/0x80
[  360.706917][T14026] pgmajfault 538
[  360.706926][T14026] inactive_anon 0
[  360.711826][T21872]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  360.711850][T21872]  console_flush_all+0x541/0x6c0
[  360.711868][T21872]  console_unlock+0x97/0x270
[  360.711898][T21872]  vprintk_emit+0x39f/0x5c0
[  360.711921][T21872]  vprintk_default+0x26/0x30
[  360.715445][T14026] active_anon 4096
[  360.715454][T14026] inactive_file 0
[  360.721310][T21872]  vprintk+0x1d/0x30
[  360.721333][T21872]  _printk+0x79/0xa0
[  360.724849][T14026] active_file 4096
[  360.724858][T14026] unevictable 0
[  360.730451][T21872]  seq_buf_do_printk+0x113/0x1a0
[  360.730478][T21872]  mem_cgroup_print_oom_meminfo+0x169/0x250
[  360.730501][T21872]  dump_header+0xa3/0x240
[  360.730517][T21872]  oom_kill_process+0x295/0x350
[  360.730534][T21872]  out_of_memory+0x97b/0xb80
[  360.734053][T14026] hierarchical_memory_limit 314572800
[  360.737658][T21872]  try_charge_memcg+0x610/0xa10
[  360.743683][T14026] hierarchical_memsw_limit 9223372036854771712
[  360.748517][T21872]  charge_memcg+0x51/0xc0
[  360.748546][T21872]  mem_cgroup_swapin_charge_folio+0xcc/0x150
[  360.753110][T14026] total_cache 0
[  360.757584][T21872]  __read_swap_cache_async+0x17b/0x2d0
[  360.762172][T14026] total_rss 0
[  360.765839][T21872]  swap_cluster_readahead+0x362/0x3c0
[  360.769513][T14026] total_shmem 0
[  360.773322][T21872]  swapin_readahead+0xde/0x820
[  360.777188][T14026] total_mapped_file 0
[  360.780885][T21872]  do_swap_page+0x2b4/0x21e0
[  360.780918][T21872]  handle_mm_fault+0x9d8/0x2c60
[  360.784361][T14026] total_dirty 0
[  360.789267][T21872]  do_user_addr_fault+0x630/0x1080
[  360.789294][T21872]  exc_page_fault+0x62/0xa0
[  360.795149][T14026] total_writeback 0
[  360.799445][T21872]  asm_exc_page_fault+0x26/0x30
[  360.799466][T21872] 
[  360.799473][T21872] read to 0xffffffff86809a00 of 8 bytes by task 21872 on cpu 0:
[  360.804290][T14026] total_workingset_refault_anon 688
[  360.808854][T21872]  mem_cgroup_flush_stats_ratelimited+0x29/0x70
[  360.808887][T21872]  count_shadow_nodes+0x6a/0x230
[  360.814224][T14026] total_workingset_refault_file 11733
[  360.819048][T21872]  do_shrink_slab+0x63/0x680
[  360.819069][T21872]  shrink_slab+0x4f5/0x840
[  360.825223][T14026] total_swap 229376
[  360.825232][T14026] total_swapcached 4096
[  360.829522][T21872]  shrink_node+0x6a9/0x2010
[  360.829542][T21872]  do_try_to_free_pages+0x3f6/0xcd0
[  360.835493][T14026] total_pgpgin 389026
[  360.838923][T21872]  try_to_free_mem_cgroup_pages+0x1ab/0x410
[  360.844364][T14026] total_pgpgout 389024
[  360.847622][T21872]  try_charge_memcg+0x383/0xa10
[  360.852980][T14026] total_pgfault 397846
[  360.856394][T21872]  obj_cgroup_charge_pages+0xa6/0x150
[  360.861156][T14026] total_pgmajfault 538
[  360.865086][T21872]  __memcg_kmem_charge_page+0x9f/0x170
[  360.869673][T14026] total_inactive_anon 0
[  360.874473][T21872]  __alloc_frozen_pages_noprof+0x18f/0x360
[  360.877908][T14026] total_active_anon 4096
[  360.882989][T21872]  alloc_pages_mpol+0xb3/0x260
[  360.883016][T21872]  alloc_pages_noprof+0x90/0x130
[  360.883038][T21872]  __vmalloc_node_range_noprof+0xa7b/0x1310
[  360.887508][T14026] total_inactive_file 0
[  360.891291][T21872]  __kvmalloc_node_noprof+0x492/0x6b0
[  360.891317][T21872]  ip_set_alloc+0x24/0x30
[  360.896138][T14026] total_active_file 4096
[  360.898438][T21872]  hash_netiface_create+0x282/0x740
[  360.898466][T21872]  ip_set_create+0x3cc/0x970
[  360.898492][T21872]  nfnetlink_rcv_msg+0x4c6/0x590
[  360.906087][T14026] total_unevictable 0
[  360.911256][T21872]  netlink_rcv_skb+0x123/0x220
[  360.911281][T21872]  nfnetlink_rcv+0x167/0x16c0
[  360.911302][T21872]  netlink_unicast+0x5c0/0x690
[  360.911326][T21872]  netlink_sendmsg+0x58b/0x6b0
[  360.911349][T21872]  __sock_sendmsg+0x145/0x180
[  360.911364][T21872]  ____sys_sendmsg+0x31e/0x4a0
[  360.911384][T21872]  ___sys_sendmsg+0x17b/0x1d0
[  360.911405][T21872]  __x64_sys_sendmsg+0xd4/0x160
[  360.917613][T14026] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null)
[  360.922535][T21872]  x64_sys_call+0x17ba/0x3000
[  360.922561][T21872]  do_syscall_64+0xca/0x2b0
[  360.927913][T14026] ,cpuset=/
[  360.932470][T21872]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.936878][T14026] ,mems_allowed=0
[  360.940640][T21872] 
[  360.940647][T21872] value changed: 0x0000000100001785 -> 0x0000000100001786
[  360.940660][T21872] 
[  360.940664][T21872] Reported by Kernel Concurrency Sanitizer on:
[  360.944780][T14026] ,oom_memcg=/syz0
[  360.949262][T21872] CPU: 0 UID: 0 PID: 21872 Comm: syz.0.4421 Tainted: G        W           syzkaller #0 PREEMPT(voluntary) 
[  360.954438][T14026] ,task_memcg=
[  360.958380][T21872] Tainted: [W]=WARN
[  360.958389][T21872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  360.964252][T14026] /syz0,task=syz.0.4421,pid=21871,uid=0
[  360.968292][T21872] ==================================================================
[  360.973944][T21911] loop3: detected capacity change from 0 to 512
[  360.977216][T14026] Memory cgroup out of memory: Killed process 21871 (syz.0.4421) total-vm:94100kB, anon-rss:1136kB, file-rss:22440kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000
[  361.009525][T21911] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  361.059154][T21897] loop4: detected capacity change from 0 to 128
[  361.064034][T21911] ext4 filesystem being mounted at /316/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  361.261048][T21911] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #18: comm syz.3.4432: corrupted inode contents
[  361.274092][T21911] EXT4-fs error (device loop3): ext4_dirty_inode:6502: inode #18: comm syz.3.4432: mark_inode_dirty error
[  361.286310][T21897] bio_check_eod: 98 callbacks suppressed
[  361.286348][T21897] syz.4.4429: attempt to access beyond end of device
[  361.286348][T21897] loop4: rw=2049, sector=169, nr_sectors = 8 limit=128
[  361.305736][T21897] syz.4.4429: attempt to access beyond end of device
[  361.305736][T21897] loop4: rw=2049, sector=185, nr_sectors = 16 limit=128
[  361.319297][T21911] EXT4-fs error (device loop3): ext4_do_update_inode:5617: inode #18: comm syz.3.4432: corrupted inode contents
[  361.331505][T21897] syz.4.4429: attempt to access beyond end of device
[  361.331505][T21897] loop4: rw=2049, sector=209, nr_sectors = 8 limit=128
[  361.339671][T21911] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3000: inode #18: comm syz.3.4432: mark_inode_dirty error
[  361.345214][T21897] syz.4.4429: attempt to access beyond end of device
[  361.345214][T21897] loop4: rw=2049, sector=225, nr_sectors = 8 limit=128
[  361.370569][T21897] syz.4.4429: attempt to access beyond end of device
[  361.370569][T21897] loop4: rw=2049, sector=241, nr_sectors = 8 limit=128
[  361.371432][T21911] EXT4-fs error (device loop3): ext4_xattr_delete_inode:3003: inode #18: comm syz.3.4432: mark inode dirty (error -117)
[  361.384167][T21897] syz.4.4429: attempt to access beyond end of device
[  361.384167][T21897] loop4: rw=2049, sector=257, nr_sectors = 8 limit=128
[  361.410112][T21897] syz.4.4429: attempt to access beyond end of device
[  361.410112][T21897] loop4: rw=2049, sector=273, nr_sectors = 8 limit=128
[  361.423714][T21911] EXT4-fs warning (device loop3): ext4_evict_inode:273: xattr delete (err -117)
[  361.432953][T21897] syz.4.4429: attempt to access beyond end of device
[  361.432953][T21897] loop4: rw=2049, sector=289, nr_sectors = 8 limit=128
[  361.447519][T21897] syz.4.4429: attempt to access beyond end of device
[  361.447519][T21897] loop4: rw=2049, sector=305, nr_sectors = 8 limit=128
[  361.462704][T21897] syz.4.4429: attempt to access beyond end of device
[  361.462704][T21897] loop4: rw=2049, sector=321, nr_sectors = 8 limit=128
[  361.813398][T14613] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.